Hi there,
I’ve finished my Ethical Hacking course and passed the CEH two months ago and I am currently applying for jobs in Cyber Security.
I’ve applied for a Pentester role at a big company that would be interested in hiring me, but first they would like me to conduct a mini-web application assessment on a vulnerable website they built in order to gauge my skills.
I will have 24h to find as many vulnerabilities as I can, followed by another 24h to document them in a report.
I am creating a sort of plan with all the vulnerabilities I should be looking for and I was curious to know what YOUR web app assessment plan was. That would be really helpful!
What do you start with?
I know that the first phase of an attack is Reconnaissance but what’s next? Should I start off by testing SQL injection and then LDAP? And finish off by testing cache poisoning for instance?
What plan would you advise me to follow knowing that I only have 24h (and that I am a beginner)?
Your help would be very much appreciated!
Thank you so much in advance!
Have a lovely day
H