the-web-application-hackers-handbook

CHAPTER
4
Mapping the Application
The first step in the process of attacking an application is gathering and examining
some key information about it to gain a better understanding of what you
are up against.
The mapping exercise begins by enumerating the application’s content and
functionality in order to understand what the application does and how it
behaves. Much of this functionality is easy to identify, but some of it may be
hidden, requiring a degree of guesswork and luck to discover.
After a catalog of the application’s functionality has been assembled, the
principal task is to closely examine every aspect of its behavior, its core security
mechanisms, and the technologies being employed (on both the client and
server). This will enable you to identify the key attack surface that the application
exposes and hence the most interesting areas where you should target subsequent
probing to find exploitable vulnerabilities. Often the analysis exercise can
uncover vulnerabilities by itself, as discussed later in the chapter.
As applications get ever larger and more functional, effective mapping is a
valuable skill. A seasoned expert can quickly triage whole areas of functionality,
looking for classes of vulnerabilities as opposed to instances, while investing
significant time in testing other specific areas, aiming to uncover a high-risk issue.
This chapter describes the practical steps you need to follow during application
mapping, various techniques and tricks you can use to maximize its effectiveness,
and some tools that can assist you in the process.
73