There are three types of web application testing, defined as follows:
- Dynamic testing: This type of testing doesn't require the source code of the web application. The aim is to find vulnerabilities that could be exploited by an attacker from an untrusted location such as the internet.
- Static testing: This type of testing uses the web application's source code. It looks for vulnerabilities from within the web application rather than trying to breach it from an untrusted location.
- Penetration testing: This type of testing is what we will focus on in this chapter. It entails using the human element to imitate how an attacker might exploit a web application. It makes use of skill, intuition, and a variety of tools.