June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Looking for web vulnerabilities using the scanner
For an effective web application penetration test, you will need to perform both a manual test and an automated test. If you only do one of them, you're not doing the right thing. This has been a debate, and sometimes, I see teams relying on fancy, automated tools, because they lack the knowledge for manual tests. On the other hand, I've seen teams with sky high egos; they think that manual tests are for the elite, and that those tests should be enough. My philosophy is that you need both. In this section, I will show you the automated method to scan for vulnerabilities. The manual method will be covered in an upcoming chapter.
In Burp, the first type of scan is the passive scan, which