The first step in the process of attacking an application is to gather and examine some key information about it, in order to gain a better understanding of what you are up against.
The mapping exercise begins by enumerating the application's content and functionality, in order to understand what the application actually does and how it behaves. Much of this functionality will be easy to identify, but some of it may be hidden away, and require a degree of guesswork and luck in order to discover.
Having assembled a catalogue of the application's functionality, the principal task is to closely examine every aspect of its behavior, its core security mechanisms, and the technologies being employed (on both client and server). This will enable you to identify the key attack surface that the application exposes and hence the most interesting areas on which to target subsequent probing to find exploitable vulnerabilities.
In this chapter, we will describe the practical steps you need to follow during application mapping, various techniques and tricks you can use to maximize its effectiveness, and some tools that can assist you in the process.
In a typical application, the majority of the content and functionality can be identified via manual browsing. The basic approach is to walk through the application starting from the main initial page, following every link and navigating through all multistage functions (such as user ...