■ Web traffic demystified with a web proxy
■ Why Burp Suite is a web hacker’s go-to toolkit
■ Recon with Burp Spider: finding all web resources made easy
■ The good & bad of web application scanning
■ Scanning with Zed Attack Proxy (ZAP) and Burp Scanner
The recon and scanning phases for the web application provide detailed information about the resources (pages, files, directories, links, images, etc.) that make up the web application. This information is very important because it will be used during web application exploitation later in our approach.
Performing web application recon involves discovering every single resource that the application interacts with so that ...