Introduction to Web Application Penetration Testing
In today's world, there are automated tools and SaaS solutions that can test the security of a system or application. However, automation often fails at a logical level when an application needs to be tested for business-logic flaws. It is important to learn how a penetration tester can help organizations stay a step ahead of cyber attacks, and why an organization needs to follow a strict patch-management cycle to secure its assets.
In this book, you will learn how to perform a penetration test on web applications that are built on different platforms using the famous Metasploit framework. Most of us have heard of this tool and its importance in regular penetration tests, so this book focuses on how to perform penetration testing on a variety of web applications, such as content management systems (CMSes) and content delivery and content integration systems (CD/CI), using the Metasploit framework. Before learning more about the tools and techniques, we first need to understand the basics of penetration testing.
In this chapter, we will cover the following topics:
- What is penetration testing?
- Types of penetration testing
- Stages of penetration testing
- Important terminologies
- Penetration testing methodologies
- Common Weakness Enumeration (CWE)