Web Applications Penetration Testing – Security Measures – Security Assessment

1. Introduction

What is a web application? Why are web applications the principal target for hackers? Why do vulnerabilities occur in web applications? How can we make a web application a secure portal? As I understand it, a web application is a portal available on the web to the general public, who can easily make good use of it for various purposes or for the purpose the web application exists. Web applications are the obvious target for hackers seeking to gain access because they are publicly available, and a hacker needs to know only the name of the organization he wants to hack. A vulnerability is a weakness or lack of control that exists in the application. Vulnerabilities can be due to insecure programming in web applications, access controls that are missing or poorly configured, misconfiguration of applications and servers, or some other cause; there is no limit.

There are many ways to harden your web application or your web server; we will discuss these in a while. Let's see what key components make a web application live:

a. Web Server

b. Application content displayed

c. And/or databases

These are the key components of any web application.

A web server is a service that runs on a computer and serves web content/application content. The server typically listens on port 80 (HTTP) or port 443 (HTTPS). Many web servers are available, free or commercial, including the leading ones:

a. IIS by Microsoft

b. Apache by the open source community

c. Tomcat, etc.

Application content is what you see on the website. It can be dynamic or static; web applications with dynamic content are at more risk than those with static content. Web applications with dynamic content use a database to store the changing content. This database can be one of the following types:

a. MySQL Server

b. SQL Server

c. Oracle Server

d. MS Access or any other

We have discussed web application architecture at length; now I will show you how to perform penetration testing on a web application (what we call a pen-test).

2. Information Gathering

No pen-test can be accomplished without performing the information gathering phase. This phase is the heart of a pen-test. There are many ways to do information gathering; let's discuss them here.

a. Hacking with search engines.

I will not list the particular search engines that can be used in the information gathering phase; there are many search engines powerful enough that secret/confidential information can be gathered from them. There are techniques you can use to gather information on the target.
