Badbird3 / Methodology

A methodology for testing web applications for security vulnerabilities.

App Pentest Methodology

Argument for a Methodology

  • Provides consistency
  • Success is measurable
  • Provides reassurance for the client

  1. Configure the browser.

    • Install Firefox, Chrome, Chromium or similar. If one is already installed, clear all data.
    • Install the following extensions: SessionBox, FoxyProxy, Wappalyzer.
  2. While proxying traffic through Burp Suite, use the application as a normal user would to populate Burp Suite with data.

  3. If the scope is small, copy every endpoint to the Excel sheet and audit each endpoint.

  4. If the scope is large, identify endpoints that interact with critical functionality. Copy those endpoints to the Excel sheet and audit each endpoint.

  5. Record and report issues.
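
One way to build the audit sheet from steps 3 and 4, as an added example that is not code from this repository: it deduplicates proxied requests into endpoints, collects parameter names, and for a large scope keeps only endpoints that look like critical functionality. The request list, the host app.example.test, the keyword hints and the column names are all assumptions made for illustration.

```python
import csv
import io
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of proxied requests (method, URL); not real traffic.
SAMPLE_HISTORY = [
    ("GET", "https://app.example.test/products?page=2&sort=price"),
    ("GET", "https://app.example.test/products?page=3"),
    ("GET", "https://app.example.test/users/1042/profile"),
    ("GET", "https://app.example.test/users/77/profile"),
    ("POST", "https://app.example.test/login"),
    ("POST", "https://app.example.test/account/password/reset?token=abc"),
    ("GET", "https://app.example.test/static/app.js"),
]
# Assumed hints for "critical functionality"; tune them per engagement.
CRITICAL_HINTS = ("login", "password", "account", "admin", "payment", "upload")
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".svg", ".ico", ".woff2")
FIELDS = ["method", "host", "path", "params", "critical", "audited", "findings"]

def normalise_path(path):
    """Collapse numeric segments so /users/1042 and /users/77 are one endpoint."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path) or "/"

def build_inventory(history, large_scope=False):
    """Return one audit row per endpoint; large_scope keeps critical ones only."""
    endpoints = {}
    for method, url in history:
        parts = urlsplit(url)
        if parts.path.lower().endswith(STATIC_EXT):
            continue  # static assets are not audited as endpoints
        key = (method.upper(), parts.netloc, normalise_path(parts.path))
        names = (name for name, _ in parse_qsl(parts.query, keep_blank_values=True))
        endpoints.setdefault(key, set()).update(names)
    rows = []
    for (method, host, path), params in sorted(endpoints.items()):
        critical = any(hint in path.lower() for hint in CRITICAL_HINTS)
        if large_scope and not critical:
            continue  # step 4: a large scope is narrowed to critical functionality
        rows.append(dict(zip(FIELDS, [method, host, path, " ".join(sorted(params)),
                                      "yes" if critical else "no", "", ""])))
    return rows

def to_csv(rows):
    """Serialise the rows as CSV text that opens in Excel."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

The empty audited and findings columns are filled in by hand during the audit and feed step 5.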
