Chapter 7. Web Application Attacks

In this chapter, we will explore various methods of testing web applications using freely available tools such as your web browser, w3af, WebScarab, and others. We will also discuss methods of bypassing web application firewalls and IDSs, and how to determine if your targets are being load balanced or filtered. This chapter does require significant lab preparation. If you are not following the examples, you may want to bypass these portions.


There are numerous methods of performing this type of testing. We would need to dedicate an entire book to cover them all. Keeping this in mind, we have provided guidance on techniques that are most beneficial when targeting secured environments.

Businesses will typically ...

Get Advanced Penetration Testing for Highly-Secured Environments - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.