In this chapter, we learnt about information gathering, which is one of the foundations of penetrating a web application. With time and hands-on practice, the information gathering phase will improve a lot. A proper mix of both active and passive methods can be very handy.

Google Advanced Search techniques are amazingly powerful. More about them can be learned from the book, Google Hacking for Penetration Testers. While testing web applications, it's a good practice to observe the the HTTP response headers. This often helps in learning more about the web application and its components.

In the next chapter, we'll go through cross-site scripting and various techniques related to it. XSS enables us to execute client-side code inside the browser ...