Web Application Penetration Testing

4.1 Introduction and Objectives

4.2 Information Gathering

4.3 Configuration Management Testing

4.4 Business Logic Testing

4.5 Authentication Testing

4.5 Authorization Testing

4.6 Session Management Testing

4.7 Data Validation Testing

4.8 Testing for Denial of Service

4.9 Web Services Testing

4.10 Client Side Testing