This document provides an overview of web application pentesting. It discusses preparations such as setting up reporting and tooling. The methodology covers reconnaissance, automated testing, and manual testing. Technical topics include OWASP Top 10 vulnerabilities such as injection, broken authentication, sensitive data exposure, and cross-site scripting, with examples and recommendations on prevention. Tutorial resources such as PortSwigger and OWASP Juice Shop are referenced.
4. Hints
• PDF of slides exists (with more text and links)
• Ask me afterwards or hit me up on Twitter
• A blog post will be published on Thursday
• https://scip.ch/en/?labs.20191024
10. Setup
1) Reporting definition: http://www.pentest-standard.org/index.php/Reporting
2) Reporting examples: https://github.com/juliocesarfort/public-pentesting-reports
3) Scoping definition: http://www.pentest-standard.org/index.php/Pre-engagement
4) How to get the most from your penetration test (includes scoping): https://www.ncsc.gov.uk/guidance/penetration-testing
32. Injection
Fixed Code
// The category is bound as a parameter, never concatenated into the SQL text.
String q = "SELECT * FROM products WHERE cat = ? AND released = 1";
PreparedStatement p = con.prepareStatement(q);
p.setString(1, req.getParameter("category"));
ResultSet rs = p.executeQuery();
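To make the difference between the concatenated and the parameterised query visible, here is an added, runnable example (not code from the talk; it uses Python's built-in sqlite3 instead of Java/JDBC, and the product rows and the hostile input are constructed). The vulnerable lookup builds the SQL string from user input; the fixed lookup binds the category the same way the slide's PreparedStatement does, so an unreleased product can never leak through the `released = 1` filter.

```python
import sqlite3

# Constructed sample catalogue (not data from the original slides).
# The second row is unreleased and must never be returned to a customer.
SAMPLE_PRODUCTS = [
    ("Gifts", "Mug", 1),
    ("Gifts", "Secret launch poster", 0),
    ("Pets", "Leash", 1),
]


def build_db():
    """Create an in-memory SQLite database with the constructed catalogue."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (cat TEXT, name TEXT, released INTEGER)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return con


def vulnerable_lookup(con, category):
    """The 'before' form: user input is spliced straight into the SQL text."""
    q = "SELECT name FROM products WHERE cat = '" + category + "' AND released = 1"
    return [row[0] for row in con.execute(q)]


def fixed_lookup(con, category):
    """Parameterised form, mirroring the slide's PreparedStatement.

    The driver sends the category as a bound value, so quote characters in
    it are data and cannot change the structure of the query.
    """
    q = "SELECT name FROM products WHERE cat = ? AND released = 1"
    return [row[0] for row in con.execute(q, (category,))]


def demo():
    """Run both lookups with a benign and a constructed hostile category."""
    con = build_db()
    benign = "Gifts"
    # Constructed test input: the quote closes the literal and the trailing
    # comment marker discards the 'AND released = 1' restriction.
    hostile = "Gifts' OR 1=1 --"
    return {
        "vulnerable_benign": vulnerable_lookup(con, benign),
        "vulnerable_hostile": vulnerable_lookup(con, hostile),
        "fixed_benign": fixed_lookup(con, benign),
        "fixed_hostile": fixed_lookup(con, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:20s} -> {rows}")
```

With the hostile input the concatenated query returns every row, unreleased product included, while the parameterised query simply finds no category with that literal name and returns nothing. The same property holds for the Java version on the slide once `prepareStatement` is used with `setString` rather than string concatenation.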
42. Broken Authentication
What should have happened? 1, 2 and 3
fancyUserName 102b04394cedfeac6abe02dd94007eb076bc4cba13a0e9bd965b96cb8f696f52125Ce189eca166d7176d3e8a2be068b5209bbca07ad86440d36a36695599247c
73. Resulting requests sent to a malicious server containing the username/password of every user that logs in and triggers the maliciously created batch script