Web Application Attack Phase
- Information Gathering
Information gathering is always the first step whether it is web application attack or other kind of hacking attacks Before performing exploit on a target web application , it is required to gather all information about the target web application . The information may include DNS information admin contact details and other such information - Scanning
In this phase , an attacker performs the various scans on the target web applications in order to acquire advanced information . In this phase attacker usually comes to know about the vulnerable points of the web application . Scanning includes information like platform of the web application , operating system , server information , vulnerable ports and protocol and vulnerable points - Perform Testing
Once the attacker is aware of the vulnerabilities and break points in a web aplication , he performs basic testing before launching the attacks . Sometimes a websites is vulnerable but taking advantage of that vulnerability is quite difficult due to other security standards used and this is necessary to perform a successful exploit. - Penetrating the Web Application :
This is the Attack phase in which an attacker tries to penetrate into the web application by taking advantage of the vulnerabilities and break points. Different kinds of exploit are required to take advantage of different vulnerabilities . Sometimes same vulnerability isn’t easily exploited by existing exploits so attacker needs to develop new exploit based on the behaviour of that vulnerability
1 Comment