Carry out web application penetration testing

URN: TECIS60444
Business Sectors (Suites): IT (Cyber Security)
Developed by: e-skills
Approved on: 2023

Overview

This standard is about carrying out web application penetration testing.

Penetration testers discover security weaknesses within organisational infrastructure and web applications by performing authorised security tests to identify new vulnerabilities and report findings. They carry out tests using a combination of industry standard tools, in-house developed tools and manual reviews. The objective of a penetration test is to uncover any form of vulnerability - from small implementation bugs to major design flaws resulting from coding errors, system configuration faults, design flaws or other operational deployment weaknesses.

Carrying out web application penetration testing involves running simulated attacks against organisational web applications to check for exploitable vulnerabilities that could compromise organisational systems and data, as well as interrupt the availability and performance of the web application itself. This involves the attempted breaching of web application systems, including planning and reconnaissance, scanning application code, carrying out simulated attacks to uncover vulnerabilities, and maintaining access. It also includes analysing the results of web application testing and producing reports and recommendations for clients to mitigate vulnerabilities.

This standard is for those who need to carry out web application penetration testing as part of their duties.


Performance criteria

You must be able to:

  1. Identify penetration testing requirements to support web application penetration testing activity planning
  2. Select the web application penetration testing tools and techniques required to deliver client requirements
  3. Define the scope of a web application penetration test, including the target applications to be addressed and the testing methods to be used
  4. Perform reconnaissance of Open Source Intelligence (OSINT) on a target web application to identify potential vulnerabilities
  5. Search newsgroups and mailing lists to identify new intelligence about a target
  6. Analyse the target web site, including its content and HyperText Markup Language (HTML) source code, to identify new vulnerabilities
  7. Configure vulnerability scanning tools to access packets of information sent between browser and webserver
  8. Perform scanning to detect vulnerabilities in security resilience
  9. Check HTTPS (Hypertext Transfer Protocol Secure) activity to identify man-in-the-middle vulnerabilities
  10. Check for ability to access passwords and other sensitive data sent using HTTP (Hypertext Transfer Protocol) to identify vulnerabilities
  11. Analyse information contained within IP (Internet Protocol) and domain registries to identify the ability to access IP addresses
  12. Test for broken authentication to identify password or session ID (identifier) flaws using users' credentials
  13. Carry out web application attacks, including cross-site scripting, Structured Query Language (SQL) injection and backdoors, to uncover a web application's vulnerability to standard attack methods
  14. Perform clean-up activities after conducting web application penetration testing
  15. Document vulnerabilities detected during web application penetration testing in line with organisational procedures
  16. Update knowledge base to record new knowledge on web application penetration testing techniques and discoveries
  17. Provide the client with a report for each web application penetration testing service completed and provide recommendations to mitigate vulnerabilities and risks
  18. Present web application penetration testing findings and recommendations to clients and colleagues

Knowledge and Understanding

You need to know and understand:

  1. The fundamental principles and concepts relevant to the penetration testing of web applications
  2. The main components of a web application penetration test and the high level processes involved
  3. Common vulnerabilities that can exist in web-based applications and how to identify and mitigate them
  4. The web application penetration testing life-cycle, from the initial client contact, to the delivery of the final report and subsequent mitigation work
  5. How to interpret client requirements for web application penetration testing
  6. How to select and apply industry standard tools and techniques to identify and exploit vulnerabilities in web applications
  7. The structure of a web application penetration test, including all relevant processes and procedures
  8. Industry standard web application penetration testing methodologies and how to apply them
  9. Industry standard and bespoke organisational tools and techniques to conduct web application penetration testing and how to apply them
  10. How to gather intelligence on web application targets
  11. The steps involved in analysing information from a target web site
  12. How to configure web proxy tools
  13. The steps involved in scanning web applications to understand how the target application will respond to intrusion attempts
  14. The basic architecture of a web application and where HTTP resides
  15. The basic principles and working of HTTP and HTTPS
  16. When HTTPS is required in browsing
  17. Web application penetration testing methodologies and how to apply them
  18. How to investigate IP and domain registries for useful information
  19. How authentication is broken when attackers are able to compromise passwords, user account information and other details
  20. The types of cross-site scripting (XSS) methods, including Stored XSS, Reflected XSS and DOM-based XSS
  21. How SQL injection uses malicious SQL code for backend database manipulation to access information
  22. The types of long-standing, sophisticated attacks that can occur as advanced persistent threats
  23. The steps involved in performing clean-up activities after conducting web application penetration testing
  24. How to analyse and interpret the results of web application penetration testing
  25. How to mitigate vulnerabilities and prevent the associated exploits in order to avert system breaches
  26. How to document the results of infrastructure penetration testing

Scope/range


Scope Performance


Scope Knowledge


Values


Behaviours


Skills


Glossary


Links To Other NOS


External Links


Version Number

1

Indicative Review Date

2026

Validity

Current

Status

Original

Originating Organisation

ODAG Consultants Ltd.

Original URN

TECIS60444

Relevant Occupations

Information and Communication Technology Professionals

SOC Code

2135

Keywords

Penetration testing, security testing, ethical hacking