Just wondering if anyone is willing to share some resources around web site hacking / enumeration? Specifically around custom web sites? Just wondering if there’s a process to follow here on things to look for. I know this is a vast subject, but just wondering if there’s some videos or articles related to the process in general?
me too xD
The best guide on Web Hacking is definitely the OWASP methodology. Will teach you all of the basics.
This is beautiful. Thanks @kanecain !!!
Take note that some of the tools in the pdf are old. But the procedure is all the same. Rely more on manual enumeration. Also, get used to using Burp Suite (or OWASP Zap) as a web proxy for testing. Pretty much essential.
For sure. Yes I do use burp now, but pretty scattered methodology from my small amount of experience / notes. This helps lots. Thanks again.
There is also an excellent book called the web application hackers handbook it will serve you well.