July 20, 2011, 9:19 p.m.
posted by creed
You have just been exposed to the crux of the criteria that will drive your probing efforts. OWASP and WASC data is critical in understanding the threat/risk areas you will be targeting in your Web app pen testing efforts. These areas were laid out for you with as much technical information as possible, but some areas will require further research on your part. Research and practice will be ongoing in this space because it is an enormous field.
A lot of the techniques just seen will be automated via the use of tools. But you still need to understand everything that is taking place under the hood. The reality is that doing all of this work manually just takes too long and most entities will give you a very limited amount of time to complete your audit work. So tools that automate a lot of these processes will come in handy and you need to understand their strengths and use them to your advantage. Moreover, you need to couple the tools with the knowledge you have already gained so that you can:
Manually verify results and minimize false positive reporting.
Explain your findings to all of those interested in them.
Unfortunately, sometimes those with the greatest stake in your findings may not understand all of this at first exposure, so you really need to understand it in order to be able to make them understand (or at least understand some of it).
You now have a solid foundation to trek forward into the Attack Simulations where you actually attack your targets. Discovery has been covered, so you understand your target enough to get started, and now you should have a good idea of the areas you will be targeting based on the analysis performed in this chapter. Grab all of your notes that you have been building along the way and go attack your target with extreme prejudice (if you have been allowed to, of course).