Using Planned Attacks to Identify Vulnerabilities
One of the most effective ways to complement vulnerability scanning and comprehensively assess the security of a web system or application is to perform a planned attack. Many security professionals refer to this as penetration testing, or pen testing for short.
The specific activities performed during planned attacks vary depending on the skill of the tester, the type of system, and the desired outcome. However, the commonly used process consists of three steps:
- Developing a plan of attack
- Identifying the security gaps and holes
- Attempting to escalate privilege
A good site to reference when planning attacks on applications and web technologies is the Open Web Application Security Project ...