Preparing for an Engagement

When you've narrowed down your search to the application you'd like to test, it's time to start collecting information. Getting a full sitemap, unmasking hidden content, and discovering artifacts left over from development (commented-out code, inline documentation, and so on) can help you narrow your focus to fertile areas. And by understanding what information you'll need for your vulnerability report, you can ensure that, right from the start, you're collecting everything you need for when it's time to submit.

This chapter discusses techniques to map your target application's attack surface, search the site for hidden directories and leftover (but accessible) services, make informed decisions about what tools to use in a pentesting session, and document your sessions for your eventual report.

We'll cover the following topics:

  • Understanding your target application's points of interest
  • Setting up and using Burp Suite
  • Where to find open source lists of XSS snippets, SQLi payloads, and other code
  • Gathering DNS and other network information about your target
  • Creating a stable of small, versatile scripts for information-gathering
  • Checking for known component vulnerabilities