Hacking Web Applications

From Enlace Hacktivista
Revision as of 15:52, 23 September 2023 by Booda

NOTE: This page is under construction

Reconnaissance

Passive

Dorking
DNS Enumeration
Domain Information
Certificate Information
Web Stack Technology Identification
Port Scanning & Service Analysis
Discovering Historical Data
ASN Enumeration

Active

Security Control Identification
Port Scanning & Service Enumeration
Subdomain Enumeration
Web Stack Technology Identification
Walking the Application
Web Crawling
Source Code Analysis - JavaScript

Content Discovery

Subdomain Brute-forcing
Directory Brute-forcing
Parameter Fuzzing
Endpoint Analysis

Vulnerability Scanning

CVE Discovery

Misconfiguration Discovery

Common Vulns

Content Management System & Plugins

Application Analysis

Bypassing Security Controls

Exploit Discovery

Payloads

Open Redirects

IDOR

Authentication

File Upload Vulnerabilities

Low Hanging Fruits

S3 Buckets

Subdomain Takeover

Exposed Assets

Injections

Default Credentials

Exposed Secrets

Tools

Tool | Description | Link
Example | Example | Example
Example | Example | Example
Example | Example | Example