
Web Application Penetration Testing

Created By: Frederick Rodriguez, Teaching Assistant

1. Arachni – A web application attack and audit framework.
2. Armitage – A scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits and exposes the advanced post-exploitation features in the framework (Armitage. (n.d.)).
3. BeEF (Browser Exploitation Framework) – A tool for gaining control over a victim's browser in a multi-step process.
4. Blind SQLi – A type of SQL injection similar to classic SQLi, with the exception that the attacker cannot see the query results directly and must infer them from the application's behavior.
5. Burp Suite – Web vulnerability scanner.
6. Classic SQLi – A type of SQL injection that modifies the WHERE clause or appends a UNION operator to exploit improperly filtered user input.
7. Covering Tracks – The act of altering logs and hiding activity, including scheduled services, files, and user-created accounts.
8. Cross-Site Scripting (XSS) – A client-side injection attack in which malicious scripts are injected into a vulnerable page and executed in other users' browsers, exposing cookies, session tokens, or other sensitive information.
9. DDoS – Distributed Denial of Service.
10. Enumeration – The process of actively querying a target for details such as accounts, shares, and services in order to find vulnerabilities.
11. Footprinting – A way to passively gain information about a target.
12. HTTP – The foundation of communication for web applications and web pages, using request methods such as GET, HEAD, DELETE, POST, and PUT.
13. HTTPS – The foundation of secure communication for web applications and web pages, using certificates issued by a certificate authority and SSL/TLS encryption.
14. Local File Inclusion (LFI) – An attack in which files already present on the server are included through the web application via a browser, which can expose sensitive files or lead to command execution.
15. Maintaining Access – Setting up a backdoor or communication with a scheduled listener to keep access.
16. Nikto – Open-source web server scanner that checks for configuration problems.
17. Nmap – Network discovery and security auditing tool with a robust scripting engine.
18. Packet – A unit of data transported across networks to facilitate communication between hosts.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.

19. Remote File Inclusion (RFI) – An attack that allows an attacker to load a custom malicious file onto the website or server and have it executed, in order to deface a webpage or gain access.
20. Scanning – The process of probing hosts and ports to map the network.
21. SearchSploit – A searchable database of preloaded exploit scripts.
22. Secure Socket Layer (SSL) – A standard technology for securing internet connections and safeguarding any sensitive data being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details (The Ultimate Guide What is SSL, TLS and HTTPS? (n.d.)).
23. Server Status Codes
a. 1XX – Informational
b. 2XX – Success
c. 3XX – Redirection
d. 4XX – Client Error
e. 5XX – Server Error
24. Spidering – A technique for mapping a website, either actively or passively, to identify all the pages accessible to a user.
25. SQL Injection – A code injection attack that takes advantage of improperly filtered user input, using escape characters to enumerate and manipulate a database.
26. SQLMap – Automatic SQL injection and database enumeration tool.
27. SQLNinja – Automatic SQL injection and database enumeration tool.
28. SQL POST Injection – The use of POST parameters (the request body) rather than the URL query string for an SQL injection attack.
29. Transmission Control Protocol (TCP) – A connection-oriented protocol that establishes sessions with a three-way handshake.
30. Transport Layer Security (TLS) – A protocol that provides authentication, privacy, and data integrity between two communicating computer applications (What is Transport Layer Security (TLS)? - Definition from WhatIs.com. (n.d.)).
31. User Datagram Protocol (UDP) – A connectionless protocol with no handshake.
32. URL Manipulation – Modifying URL parameters to gain access or information from a website when poor access controls are implemented.
33. Vega – A web vulnerability scanner tool.
34. Wireshark – A network protocol analyzer tool.
35. ZAP (OWASP Zed Attack Proxy) – An attack proxy and web scanner.

References:

Armitage. (n.d.). Retrieved June 15, 2019, from https://tools.kali.org/exploitation-tools/armitage

The Ultimate Guide What is SSL, TLS and HTTPS? (n.d.). Retrieved June 15, 2019, from
https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https

What is Transport Layer Security (TLS)? - Definition from WhatIs.com. (n.d.). Retrieved June 15, 2019, from https://searchsecurity.techtarget.com/definition/Transport-Layer-Security-TLS
