Hacking Web Applications

NOTE: This page is under construction

Web Application Hacking Methodology - Overview

Information Gathering - OSINT

Target Organization

Basic Information

Name

Physical Address

Employee Count

Employee Roles

Target Company TLDs

Company Acquisitions

Social Media Presence

Revenue

Leadership

Job Openings

Organization Employees

Email Addresses

Phone Numbers

Social Media Profiles

Breached Emails

Breached Usernames

Breached Passwords

Curriculum Vitae Discovery

Reconnaissance

Passive

Dorking

DNS Enumeration

Domain Information

Certificate Information

Web Stack Technology Identification

Port Scanning & Service Analysis

Discovering Historical Data

ASN Enumeration

Active

Security Control Identification

Port Scanning & Service Enumeration

Subdomain Enumeration

Web Stack Technology Identification

Walking the Application

Web Crawling

Source Code Analysis - JavaScript

Content Discovery

Subdomain Brute-forcing

Directory Brute-forcing

Parameter Fuzzing

Endpoint Analysis

Vulnerability Scanning

CVE Discovery

Misconfiguration Discovery

Common Vulns

Content Management System & Plugins

Application Analysis

Bypassing Security Controls

Exploit Discovery

APIs

Open Redirects

IDOR

Authentication

File Upload Vulnerabilities

Low Hanging Fruits

S3 Buckets

Subdomain Takeover

Exposed Assets

Injections

Default Credentials

Exposed Secrets

Tools

Tool	Description	Link
Example	Example	Example
Example	Example	Example
Example	Example	Example

Hacking Web Applications

Web Application Hacking Methodology - Overview

Information Gathering - OSINT

Target Organization

Basic Information

Name

Physical Address

Employee Count

Employee Roles

Target Company TLDs

Company Acquisitions

Social Media Presence

Revenue

Leadership

Job Openings

Organization Employees

Email Addresses

Phone Numbers

Social Media Profiles

Breached Emails

Breached Usernames

Breached Passwords

Curriculum Vitae Discovery

Reconnaissance

Passive

Dorking

DNS Enumeration

Domain Information

Certificate Information

Web Stack Technology Identification

Port Scanning & Service Analysis

Discovering Historical Data

ASN Enumeration

Active

Security Control Identification

Port Scanning & Service Enumeration

Subdomain Enumeration

Web Stack Technology Identification

Walking the Application

Web Crawling

Source Code Analysis - JavaScript

Content Discovery

Subdomain Brute-forcing

Directory Brute-forcing

Parameter Fuzzing

Endpoint Analysis

Vulnerability Scanning

CVE Discovery

Misconfiguration Discovery

Common Vulns

Content Management System & Plugins

Application Analysis

Bypassing Security Controls

Exploit Discovery

APIs

Open Redirects

IDOR

Authentication

File Upload Vulnerabilities

Low Hanging Fruits

S3 Buckets

Subdomain Takeover

Exposed Assets

Injections

Default Credentials

Exposed Secrets

Tools

Navigation menu

Search