Web Application Assessment. Help !

Hi there,

I’ve finished my Ethical Hacking course and passed the CEH two months ago and I am currently applying for jobs in Cyber Security.
I’ve applied for a Pentester role at a big company that would be interested to hire me but first, they would like me to conduct a mini-web application assessment on a vulnerable website they built in order to gauge my skills.
I will have 24h to find as many vulnerabilities as I can, followed by another 24h to document them in a report.

I am creating a sort of plan with all the vulnerabilities I should be looking for and I was curious to know what YOUR web app assessment plan was. That would be really helpful!

What do you start with?
I know that the first phase of an attack is Reconnaissance, but what's next? Should I start off by testing SQL injection and then LDAP? And finish off by testing cache poisoning, for instance?
What plan would you advise me to follow, knowing that I only have 24h (and that I am a beginner)?

Your help would be very much appreciated! :slight_smile:
Thank you so much in advance!
Have a lovely day :slight_smile:

H

These would be the vulns I would look out for mainly:

XSS
File Upload Vuln
CSRF
User Enumeration
No bruteforce mitigation/prevention
LFI / RFI / Directory Traversal
SQLI
OS command injection

(Is it WordPress? → "wpscan")

I would start by doing, for example, a nikto scan. If you have some obvious GET requests, try to enter ' to test for SQLi; if there's an error or the website changes, there's probably an SQLi vuln. Otherwise, always scan with sqlmap to be sure.
Otherwise you need to test a website mainly manually. Things like Burp or OWASP ZAP can help, but most of the time you need to do most of it manually.
E.g. you can check the source code or check if it's obvious what kind of web app the website is running. (The addon "Wappalyzer" can also help.)

EDIT: You can also google “webapp pentest checklist” or something like that
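To illustrate the single-quote check mentioned above and why it works, here is an added example (not from the original post or any poster): a login query built by string concatenation next to its parameterised fix, run against a constructed in-memory SQLite table. The function and table names are invented for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: one user in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: user input becomes SQL."""
    sql = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    try:
        return conn.execute(sql).fetchone()[0] > 0
    except sqlite3.Error as exc:
        # A stray quote leaves the string literal unterminated; the database
        # error that results is exactly what the ' probe is looking for.
        return f"error: {exc}"


def login_safe(conn, username, password):
    """Parameterised query: the driver binds the values, so quotes stay data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def quote_probe(login, conn):
    """The check from the post: send a lone ' and see whether the application
    reports a database error. True means the input reached the query unescaped."""
    result = login(conn, "'", "x")
    return isinstance(result, str) and result.startswith("error")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler errors on ':", quote_probe(login_vulnerable, db))
    print("safe handler errors on ':", quote_probe(login_safe, db))
```

Both handlers accept the real credentials; only the concatenating one reacts to the quote, which is the behavioural difference the manual test relies on.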

Thanks a lot for your help! :smile: