This presentation has been created for the global Women in AppSec community, and walks you through the identification of attack vectors and web penetration testing phases. At the end, I've left a couple of personal tips and tools for you to start your own penetration testing environment.