In part 4 of Web Application Security 101 we will dive deep into the standard testing methodology used by penetration testers and vulnerability researchers when testing web application for security vulnerabilities.

1. Testing Methodology
Introduction to web application security penetration testing.

2. Process Breakdown
Stage 1: Enumeration
Stage 2: Assessment
Stage 3: Exploitation
Stage 4: Deliverable

3. Stage 1: Enumeration
Server and Client Technologies.
Software Versions.
Application Structure.
Common Configuration Practices.

4. Stage 2: Assessment
Finding vulnerabilities by brute force.
Finding vulnerabilities by fuzzing.
Finding vulnerabilities manually.
Complex Input Validation Problems.
Logic Flaws.

5. Stage 3: Exploitation
Prove that the target is vulnerable.
Measure attack effectiveness.
Ease of Exploitability.
Attack Likelihood.
Mitigation Controls.

6. Stage 4: Deliverable
Document findings.
Discuss mitigations.
Provide examples.

7. Assessment Methodology
1. Authentication.
2. Session Management.
3. Access Control.
4. Data Transport.
5. Server Tier.
6. Data Storage.
7. Logging.
8. Business Logic.
9. Data Validation.