Abstract
On a penetration testing assignment, Web applications will often be the site of the bulk of your findings. Web applications are especially vulnerable because they are often not protected in the same way that other services may be. When an organization places a system into its infrastructure, that system will generally be behind a firewall. This may be a network firewall, or it may be a host firewall that resides on the system itself. The thing about Web applications is that they are programs that sit on open ports. They are specifically exposed through the firewall because the very point of their existence is to service users on the other side of the firewall. This is not at all the same as having a file share port open to users inside the company: while there may be malicious users on the inside, that population is much smaller and easier to keep an eye on.
Copyright information
© 2016 Ric Messier
About this chapter
Cite this chapter
Messier, R. (2016). Breaking Web Sites. In: Penetration Testing Basics. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-1857-0_6
DOI: https://doi.org/10.1007/978-1-4842-1857-0_6
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-1856-3
Online ISBN: 978-1-4842-1857-0
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books