Web Application Penetration Testing
1. Introduction to Web Application Penetration Testing
2. Foundational Web Technologies
3. The Penetration Testing Methodology
4. Setting Up a Testing Environment
5. Information Gathering and Application Mapping
6. Server-Side Vulnerabilities
7. Client-Side Vulnerabilities
8. Authentication and Session Management Testing
9. Application Logic Testing
10. Web Services and API Security Testing
11. Advanced Attack Techniques
12. Reporting and Remediation
Information Gathering and Application Mapping
Passive Reconnaissance Techniques
Search Engine Intelligence
Google Dorking
Site-Specific Searches
File Type Searches
Sensitive Information Discovery
Cache and Archive Searches
Bing and Alternative Search Engines
Specialized Search Engines
Domain and Infrastructure Intelligence
WHOIS Database Queries
DNS Record Analysis
A Records
AAAA Records
MX Records
TXT Records
CNAME Records
Subdomain Enumeration
Certificate Transparency Logs
DNS Brute-Forcing
Search Engine Subdomain Discovery
Social Media and Public Information
LinkedIn Intelligence Gathering
GitHub and Code Repository Analysis
Exposed Credentials
Configuration Files
API Keys and Secrets
Job Posting Analysis
Company Website Analysis
Third-Party Intelligence Sources
Shodan Database Queries
Censys Search Engine
Have I Been Pwned Database
Threat Intelligence Platforms
Active Reconnaissance Techniques
Network Discovery
Host Discovery Techniques
Port Scanning Methodologies
TCP Connect Scans
SYN Stealth Scans
UDP Scans
Timing and Performance Optimization
Service Version Detection
Operating System Fingerprinting
DNS Enumeration
Zone Transfer Attempts
DNS Cache Snooping
Reverse DNS Lookups
DNS Tunneling Detection
Web Server Fingerprinting
HTTP Header Analysis
Error Page Fingerprinting
Default File Detection
Server Response Timing
SSL/TLS Certificate Analysis
Certificate Chain Validation
Cipher Suite Analysis
Protocol Version Testing
Certificate Transparency Monitoring
Application Content Discovery
Manual Application Exploration
Site Navigation and Mapping
Form Identification
Parameter Discovery
Functionality Enumeration
Automated Content Discovery
Web Crawling and Spidering
Crawler Configuration
Authentication Handling
JavaScript Rendering
Directory and File Enumeration
Wordlist Selection
Recursive Scanning
Extension-Based Discovery
Hidden Content Identification
Robots.txt Analysis
Sitemap.xml Examination
Comment and Metadata Analysis
Backup File Discovery
Development and Test Files
API Endpoint Discovery
REST API Enumeration
GraphQL Schema Introspection
SOAP Service Discovery
API Documentation Analysis
Attack Surface Analysis
Input Vector Identification
Form Parameters
URL Parameters
HTTP Headers
Cookie Values
File Upload Points
Authentication Mechanism Analysis
Login Functionality
Password Reset Mechanisms
Multi-Factor Authentication
Single Sign-On Integration
Session Management Assessment
Session Token Analysis
Session Lifecycle
Concurrent Session Handling
Business Logic Mapping
Workflow Identification
State Transition Analysis
Access Control Boundaries
Data Flow Mapping
Technology Stack Assessment
Framework Identification
Third-Party Component Analysis
Version Information Gathering
Known Vulnerability Research