For example:

  • Threat profile for public module
  • Threat profile for login module
  • Threat profile for password change module
  • Threat profile for logout module
  • Threat profile for business rule escalation module

Tests according to the threat profile

The threat profile is the key weapon of any attacker. Working through the threat profile step by step can lead to the discovery of very high and critical vulnerabilities.

Exploitation

Exploitation is the process of gaining control over a system.

End Goal: administrative-level access to the target.

During the penetration testing process, if a pen tester discovers a critical vulnerability for which an exploit already exists, or which can be exploited with the tester's own scripts/code, the tester can use the Metasploit Framework to exploit the target or to develop a custom exploit.

Prerequisite:

  • Scanning of the target.
  • Vulnerabilities found in the scanning phase.

Steps involved:

  • Check which service/version is running on each open port.
  • Search for known vulnerabilities in that service/version.
  • Exploit the target using tools like Metasploit.

Covering tracks and maintaining access:

Once exploitation has been done successfully, there are two ways to maintain access:

  • Using backdoors
  • Using rootkits

For example: Netcat, NetBus.

Covering the Tracks

  • Destroying the evidence of presence and activities.
  • Log files record every activity that has been performed on a computer, so it is very important to remove these log files. There are different ways to remove log files on Windows, Linux and Mac.

Reporting

A penetration testing report should contain:

  • An executive summary.
  • A detailed description of the vulnerabilities.
  • Raw output.

Below is the elaborated structure of a penetration testing report.

  • Executive Summary
  • Scope
  • Overall Assessment
  • Key Vulnerabilities Discovered
  • Graphical representation of OWASP Top 10
  • Key Findings and Action Items
  • Observations
  • Recommended Action Plan
  • Interpretation of Ratings
  • Threat Profile
  • Tools used (Optional)
  • Result of test cases
  • Guidelines for Developers
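As an added example that is not part of the original article, the script below carries the two exploitation prerequisites (scan results and the vulnerabilities found in them) through to the three report parts named above: it parses constructed port-scan output, matches each service version against a constructed advisory table, and assembles an executive summary, a detailed description and the raw output. All hosts, product names, versions and advisory IDs are placeholders, not real software or CVEs.

```python
import re

# Constructed scan output in the "port/proto state service product version"
# shape a port scanner prints; products and versions are made up.
SCAN_OUTPUT = """\
22/tcp   open  ssh    ExampleSSH 7.2
80/tcp   open  http   ExampleHTTPd 2.4.49
3306/tcp open  mysql  ExampleDB 5.7.30
"""

# Constructed advisory table: (product, first affected, first fixed, id, severity).
# IDs are placeholders, not real CVE numbers.
ADVISORIES = [
    ("ExampleHTTPd", "2.4.49", "2.4.51", "ADV-PLACEHOLDER-1", "Critical"),
    ("ExampleDB", "5.7.0", "5.7.31", "ADV-PLACEHOLDER-2", "High"),
    ("ExampleSSH", "6.0", "7.0", "ADV-PLACEHOLDER-3", "Medium"),
]

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def parse_version(v):
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def parse_scan(text):
    """Yield (port, product, version) for every open-port line of the scan."""
    pat = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+\S+\s+(\S+)\s+(\S+)")
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def find_vulnerable(text):
    """Map each scanned version onto the advisory table: affected <= v < fixed."""
    findings = []
    for port, product, version in parse_scan(text):
        v = parse_version(version)
        for prod, first, fixed, adv_id, sev in ADVISORIES:
            if prod == product and parse_version(first) <= v < parse_version(fixed):
                findings.append({"port": port, "product": product, "version": version,
                                 "id": adv_id, "severity": sev, "fixed_in": fixed})
    return findings


def build_report(text):
    """Assemble the three report parts: executive summary, details, raw output."""
    findings = sorted(find_vulnerable(text), key=lambda f: SEVERITY_ORDER[f["severity"]])
    top = findings[0]["severity"] if findings else "None"
    summary = f"{len(findings)} vulnerable service(s) found; highest severity: {top}"
    details = [f"{f['severity']}: {f['product']} {f['version']} on port {f['port']} "
               f"({f['id']}); fixed in {f['fixed_in']}" for f in findings]
    return {"executive_summary": summary, "details": details, "raw_output": text}
```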

Conclusion

A successful web application penetration test can be executed by following OWASP and OSSTMM. Both are open source security testing methodologies. After reading this article you should have a good idea of how a web application penetration test actually works. This article does not cover the entire WAPT process; rather, it can be used as a reference document. For the most common and top vulnerabilities, refer to:

  • OWASP Top 10
  • SANS Top 25
  • OSSTMM (Open Source Security Testing Methodology Manual)

References