Web Technologies
Last updated
Was this helpful?
Last updated
Was this helpful?
The first step to perform a web application penetration test is to identify the target's web technology in use. In order to do that, you can follow these basic steps:
Peform nmap scans against the target web application's open port
Analyze the web application:
Using as a browser extension
Using whatweb http://server.com --log-verbose output-file
Look for the following generic files: robots.txt
, sitemap.xml
, README.txt
, CHANGELOG.txt
Analyze the website's footer, header and source code to check for references to the web technology used
Analyze the HTTP Response Headers
Force errors to trigger unexpected behaviors in the web application that may cause information disclosure