Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I’ll go over the different stages of a web application pen test, from start to finish. We’ll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets “footprint”, all the way to tools used for fuzzing parameters to find potential SQL injection vulnerabilities. I’ll also discuss pro-tips and tricks that I use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.
