Chapter 20. A Web Application Hacker's Methodology

This chapter contains a detailed step-by-step methodology that you can follow when attacking a web application. It covers all of the categories of vulnerability and attack techniques described in this book. Carrying out all of the steps in this methodology will not guarantee that you discover all of the vulnerabilities within a given application. However, it will provide you with a good level of assurance that you have probed all of the necessary regions of the application's attack surface, and have found as many issues as possible given the resources available to you.

Figure 20-1 illustrates the main areas of work that this methodology describes. Within each area, we drill down into this diagram and illustrate how the tasks in that area are subdivided. The numbers used in the diagrams correspond to the hierarchical numbered list used in the methodology, so you can easily jump to the actions involved in a specific area.

The methodology is presented as a sequence of tasks that are organized and ordered according to the logical interdependencies between them. As far as possible, these interdependencies are highlighted in the task descriptions. However, in practice you will frequently need to think imaginatively about the direction that your activities should take, and allow these to be guided by what you discover about the application you are attacking. For example:

  • Information gathered in one stage may enable you to return ...