The process of vulnerability mining

Posted by D on April 8, 2020

1. Recon and analysis

1.1 Map application content

1.1.1 Find all subdomains
Use recon-ng to enumerate all subdomains of the target and resolve them to IP addresses.
Use nmap to scan the open ports of every resulting IP. Deduplicate the address list first, since many subdomains usually resolve to the same host (load balancer, CDN, virtual hosting), and keep the hostname-to-IP mapping for the later content enumeration, where each virtual host needs its own Host header.
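The recon-ng to nmap hand-off above, as an added example that is not part of the original post: it parses a CSV export of the recon-ng hosts table, groups hostnames by address so each IP is scanned once, sets unresolved or malformed entries aside, and builds the nmap target file and command line. The CSV rows are constructed sample data (modelled on the recon-ng hosts table columns; the hostnames, addresses and module names are made up), and the nmap flags are this example's choice, not the author's.

```python
import csv
import io
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample modelled on a recon-ng `hosts` table exported as CSV;
# every hostname and address below is made up for this example.
SAMPLE_HOSTS_CSV = """host,ip_address,region,country,latitude,longitude,notes,module
www.example.com,93.184.216.34,,,,,,hackertarget
api.example.com,93.184.216.34,,,,,,hackertarget
dev.example.com,203.0.113.10,,,,,,brute_hosts
old.example.com,,,,,,,brute_hosts
mail.example.com,198.51.100.25,,,,,,hackertarget
bad.example.com,not-an-ip,,,,,,brute_hosts
"""


def group_hosts_by_ip(csv_text):
    """Parse the export and return (ip -> sorted hostnames, unresolved hostnames).

    Several subdomains usually share one address (load balancer, CDN, vhosts),
    so the scan list is keyed by IP while the hostname mapping is kept for the
    HTTP probing that follows (one request per vhost with the right Host header).
    """
    by_ip = defaultdict(set)
    unresolved = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["host"].strip().lower()
        raw_ip = row["ip_address"].strip()
        if not raw_ip:
            unresolved.append(host)          # stale DNS entry: re-check, do not scan
            continue
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            unresolved.append(host)          # malformed value, treated like no address
            continue
        by_ip[str(ip)].add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}, sorted(unresolved)


def nmap_targets(by_ip):
    """Content of the -iL target file: one unique address per line, numerically sorted."""
    ips = sorted(by_ip, key=ipaddress.ip_address)
    return "\n".join(ips) + "\n"


def nmap_command(target_file="targets.txt", out_prefix="recon-ports"):
    """Full TCP port sweep: -Pn because many hosts drop ping, -sS needs root."""
    argv = ["nmap", "-Pn", "-sS", "-p-", "-T3", "-oA", out_prefix, "-iL", target_file]
    return shlex.join(argv)


if __name__ == "__main__":
    by_ip, unresolved = group_hosts_by_ip(SAMPLE_HOSTS_CSV)
    with open("targets.txt", "w") as fh:
        fh.write(nmap_targets(by_ip))
    for ip, hosts in by_ip.items():
        print(f"{ip}: {', '.join(hosts)}")
    print("unresolved (re-check DNS, not scanned):", unresolved)
    print(nmap_command())
```

Running the script writes `targets.txt` with three addresses for six subdomains and prints the nmap invocation; the `old.example.com` and `bad.example.com` rows end up in the unresolved list rather than in the scan, and the IP-to-hostname map is what you feed into the spidering step so that each virtual host is crawled separately.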

1.1.2 Enumerating Content and Functionality
(1). Web Spidering
(2). User-Directed Spidering
(3). Discovering Hidden Content
(4). Application Pages Versus Functional Paths
(5). Discovering Hidden Parameters

1.1.3 Analyzing the application
(1). Identifying Entry Points for User Input
(2). Identifying Server-Side Technologies
(3). Identifying Server-Side Functionality
(4). Mapping the Attack Surface

1.2 Analyze the application

2. Application logic

2.1 Test client-side controls

2.2 Test for logic flaws

2.3 Miscellaneous Checks

3. Access handling

3.1 Test authentication

3.2 Test session management

3.3 Test access controls

3.4 Information Leakage

4. Input handling

4.1 Fuzz all parameters

4.2 Test for issues with specific functionality

5. Application hosting

5.1 Test for shared hosting issues

5.2 Test the web server
