CHAPTER 2. Gathering Information on the Target


What’s In This Chapter?

This chapter presents three separate attacks designed to gather information about your Web application. These attacks are generally the starting point for any security testing that you might want to perform on your Web application. The information that you gather will help you perform some of the attacks in later chapters.


War-time generals spend a great deal of time performing reconnaissance and gathering information on their adversary. They do this so they can decide how to use their offensive capability most effectively.

The same applies to software testing, ...

From: How to Break Web Software: Functional and Security Testing of Web Applications and Web Services