Web Application Penetration Testing

The following sections describe the 12 subcategories of the Web Application Penetration Testing Methodology:

4.1 Introduction and Objectives

4.2 Information Gathering 

4.3 Configuration and Deployment Management Testing 

4.4 Identity Management Testing

4.5 Authentication Testing 

4.6 Authorization Testing

4.7 Session Management Testing

4.8 Input Validation Testing

4.9 Error Handling

4.10 Cryptography

4.11 Business Logic Testing 

4.12 Client Side Testing