June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Assets
Assets are the different parts of the application that a hacker would be interested in getting (also known as Threat target). Most of the time, the attacker is interested in the data, but here are more examples that you can use while developing this section:
- Read user data (for example, passwords, credit cards, personal information)
- Execute unauthorized functionalities (for example, add a new user and delete an account)
- Access to unauthorized systems (for example, access to the database, access to the web server file system through a terminal window)
- Different systems availability (for example, DOS against a web server)