Get started with Web Application Testing

If you need to do a deep website vulnerability assessment, look no further.
Written by Adina Mihaita
Updated 7 months ago

This short guide covers the essentials: which of our tools and features to use to set up a streamlined workflow when assessing websites. The step-by-step guide can be found in our Learning Center.

Discover your attack surface [optional]

If you already know your target hostname’s attack surface, you can skip the discovery stage.

🤖 You can automate this step using a pre-built Domain Recon Robot, which starts by discovering the subdomains of a target domain. It continues with a deep TCP port scan against all identified subdomains and then runs Website Recon against all HTTP/S ports to fingerprint web technologies and take screenshots.

Run the Website Scanner

The Website Scanner finds common vulnerabilities that affect web applications, such as SQL Injection, XSS, OS Command Injection, Directory Traversal, and others. The scanner also identifies specific web server configuration issues.

The Deep Scan goes into much more detail than the Light Scan and attempts to map the entire attack surface of the target system through various tactics: crawling the application, discovering hidden files, using more attack vectors to check for server configuration issues and outdated services, etc.

Run a specific CMS scanner [optional]

You can run a specific scanner – such as the ones for SharePoint or WordPress – to discover various security weaknesses or outdated versions of these particular CMSs.

Perform an authenticated website scan [where applicable]

If your target application requires authentication and you don’t enable authenticated scans, the Website Scanner covers only a small set of application functionalities, specifically the ones exposed before the user has to log in. To get more in-depth results, we recommend performing authenticated scans.

We offer four authentication methods for our Website Scanner tool: recorded, automatic, cookies, or headers. If you don’t know which one is suitable for your target application, check out how each authentication method works in the dedicated guides we created for you.

Discover hidden files with URL Fuzzer

The URL Fuzzer finds hidden files and directories on a web server by fuzzing. This discovery technique lets you find resources that are not meant to be publicly accessible (e.g. /backups, /index.php.old, /archive.tgz, /, etc.).

Test the web server using the Network Vulnerability Scanner

Since the Network Vulnerability Scanner with OpenVAS helps you detect a wide range of vulnerabilities in network services, operating systems, and also in web servers, its use cases are very diverse. Make sure to test each of your servers to make the most of its capabilities.

Check out the full guide and more pro tips in the platform tutorials section of our blog.
