Carry out web application penetration testing
Overview
This standard is about carrying out web application penetration testing.
Penetration testers discover security weaknesses within organisational infrastructure and web applications by performing authorised security tests to identify new vulnerabilities and report findings. They carry out tests using a combination of industry standard tools, in-house developed tools and manual reviews. The objective of a penetration test is to uncover any form of vulnerability, from small implementation bugs to major design flaws, whether resulting from coding errors, system configuration faults, design flaws or other operational deployment weaknesses.
Carrying out web application penetration testing involves testing organisational web applications using simulated attacks to check for exploitable vulnerabilities that could compromise organisational systems and data, as well as interrupting the availability and performance of the web application itself. This involves the attempted breaching of web application systems, including planning and reconnaissance, scanning application code, carrying out simulated attacks to uncover vulnerabilities, and maintaining access. This also includes analysing the results of web application testing and producing reports and recommendations for clients to mitigate vulnerabilities.
This standard is for those who need to carry out web application penetration testing as part of their duties.
Performance criteria
You must be able to:
- Identify penetration testing requirements to support web application penetration testing activity planning
- Select the web application penetration testing tools and techniques required to deliver client requirements
- Define the scope of a web application penetration test, including the target applications to be addressed and the testing methods to be used
- Perform reconnaissance using Open Source Intelligence (OSINT) on a target web application to identify potential vulnerabilities
- Search newsgroups and mailing lists to identify new intelligence about a target
- Analyse the target web site, including its content and Hypertext Markup Language (HTML) source code, to identify new vulnerabilities
- Configure vulnerability scanning tools to access packets of information sent between browser and web server
- Perform scanning to detect vulnerabilities in security resilience
- Check HTTPS (Hypertext Transfer Protocol Secure) activity to identify man-in-the-middle vulnerabilities
- Check for the ability to access passwords and other sensitive data sent using HTTP (Hypertext Transfer Protocol) to identify vulnerabilities
- Analyse information contained within IP (Internet Protocol) and domain registries to identify the ability to access IP addresses
- Test for broken authentication to identify password or session ID (identifier) flaws using user credentials
- Carry out web application attacks, including cross-site scripting, Structured Query Language (SQL) injection and backdoors, to uncover a web application's vulnerability to standard attack methods
- Perform clean-up activities after conducting web application penetration testing
- Document vulnerabilities detected during web application penetration testing in line with organisational procedures
- Update the knowledge base to record new knowledge on web application penetration testing techniques and discoveries
- Provide the client with a report for each web application penetration testing service completed and provide recommendations to mitigate vulnerabilities and risks
- Present web application penetration testing findings and recommendations to clients and colleagues
Knowledge and Understanding
You need to know and understand:
- The fundamental principles and concepts relevant to the penetration testing of web applications
- The main components of a web application penetration test and the high level processes involved
- Common vulnerabilities that can exist in web-based applications and how to identify and mitigate them
- The web application penetration testing life-cycle, from the initial client contact, to the delivery of the final report and subsequent mitigation work
- How to interpret client requirements for web application penetration testing
- How to select and apply industry standard tools and techniques to identify and exploit vulnerabilities in web applications
- The structure of a web application penetration test, including all relevant processes and procedures
- Industry standard web application penetration testing methodologies and how to apply them
- Industry standard and bespoke organisational tools and techniques to conduct web application penetration testing and how to apply them
- How to gather intelligence on web application targets
- The steps involved in analysing information from a target web site
- How to configure web proxy tools
- The steps involved in scanning web applications to understand how the target application will respond to intrusion attempts
- The basic architecture of a web application and where HTTP resides
- The basic principles and working of HTTP and HTTPS
- When HTTPS is required in browsing
- Web Application penetration testing methodologies and how to apply them
- How to investigate IP and domain registries for useful information
- How authentication is broken when attackers are able to compromise passwords, user account information and other details
- The types of cross-site scripting (XSS) methods, including stored XSS, reflected XSS and DOM-based XSS
- How SQL injection uses malicious SQL code to manipulate a backend database and access information
- The types of long-standing, sophisticated attacks that can occur as advanced persistent threats
- The steps involved in performing clean-up activities after conducting web application penetration testing
- How to analyse and interpret the results of web application penetration testing
- How to mitigate vulnerabilities and prevent the associated exploits from causing system breaches
- How to document the results of infrastructure penetration testing