In this chapter, we will explore various methods of testing web applications using freely available tools such as your web browser, w3af, WebScarab, and others. We will also discuss methods of bypassing web application firewalls and IDSs, and how to determine whether your targets are being load balanced or filtered. This chapter does require significant lab preparation. If you are not following along with the examples, you may want to skip these portions.
Tip
There are numerous methods of performing this type of testing; covering them all would require an entire book. With that in mind, we have provided guidance on the techniques that are most beneficial when targeting secured environments.
Businesses will typically use a risk-based approach when deciding where their security dollars should be spent, and decisions made under time and budget constraints can sometimes lead to unintentional mistakes that have a profound impact on the entire security posture...