Inhouse WebApps

Smaller sites sometimes build in-house/proprietary webapp solutions.

Attack Methodology (use mapping/graphing!)

  • What is its purpose (sell, corp presence, news, etc)?

  • Does it allow user registration?

  • Does registration open more content to us?

  • Does it have an admin panel?

  • Does it take input from the user?

  • What kind of input?

  • Does it accept file uploads?

  • Does it use JS, Ajax, Flash etc?

  • Spider the webapp

  • Does it mix custom code with commercial/open-source scripts and plugins (e-commerce, user data, social media connections, analytics, blogging, etc)?

Divide and conquer. Mindmap each area and dig deeper into it; you will get lost and miss areas if you don't. Even a small app will produce a bad, hard-to-follow report if mapping is skipped.

Deeper dive areas

  • Client Side Validation (sql, xss, serialization, logic flaws, etc)

  • Database Interaction (sql, xpath)

  • File Uploading/downloading (shells, lfi/rfi)

  • Display of User Supplied Data (xss)

  • Redirections (mapping help, open redirects, used with sleep to RCE, splitting, etc)

  • Access Controls and Login protected pages (authentication/authorization tests)

  • Error messages

  • Sub files/domains/modules/scripts/databases

  • Keep Charting
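
One way to start the chart from spidered HTML, as an added example that is not part of the original notes: it parses one page offline and files each form field, link and script under the deep-dive area it belongs to. The sample page, the `SurfaceMapper` and `chart` names, and the matching heuristics (hidden fields, `admin` in a path, `url=`/`next=`/`redirect=` parameters) are assumptions made for illustration.

```python
from html.parser import HTMLParser
# Constructed sample page standing in for one spidered response.
SAMPLE_HTML = """<script src="/static/app.js"></script>
<a href="/admin/login">Staff</a> <a href="/go?url=/news">News</a>
<form action="/profile" method="post" enctype="multipart/form-data">
  <input type="text" name="display_name"><input type="file" name="avatar">
  <input type="hidden" name="role" value="user"></form>
<form action="/search"><input type="text" name="q"></form>
<object data="/banner.swf"></object>"""

class SurfaceMapper(HTMLParser):
    """Hypothetical helper: files each page feature under a deep-dive area."""
    def __init__(self):
        super().__init__()
        self.areas, self.form = {}, None

    def note(self, area, where):
        self.areas.setdefault(area, []).append(where)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = f"{(a.get('method') or 'get').upper()} {a.get('action') or ''}"
        elif tag in ("input", "textarea", "select") and self.form:
            where, kind = f"{self.form} [{a.get('name')}]", a.get("type") or "text"
            if kind == "file":
                self.note("File Uploading/downloading", where)
            elif kind == "hidden":  # client-held value the server must re-check
                self.note("Client Side Validation", where)
            else:
                self.note("Display of User Supplied Data", where)
                self.note("Database Interaction", where)
        elif tag == "a" and a.get("href"):
            href = a["href"].lower()
            if "admin" in href:
                self.note("Access Controls", a["href"])
            if any(k in href for k in ("url=", "next=", "redirect=")):
                self.note("Redirections", a["href"])
        elif tag in ("script", "object", "embed"):
            self.note("JS/Ajax/Flash", a.get("src") or a.get("data") or "(inline)")

    def handle_endtag(self, tag):
        self.form = None if tag == "form" else self.form

def chart(html):
    """Return {area: [locations]} for one page of spidered HTML."""
    mapper = SurfaceMapper()
    mapper.feed(html)
    return mapper.areas
```

Merging the dictionaries returned by `chart()` for every spidered page gives one branch per area for the mindmap, with each location listed under it.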
