CHAPTER 8
Web Application Testing
Think about the applications that you use by way of a web interface. Your banking. Your credit cards. Social networking sites like Facebook, Twitter, LinkedIn, and so many others. Job search sites. Your information is stored by a lot of companies with accessible portals available on the open internet. Because of the amount of data that is available and the potentially exposed pathways to that data, web attacks are common vectors. As a result, web application testing is a common request from companies. At times, you will find that web application testing may be all that you are asked to do.

Kali, not surprisingly, is loaded with web application testing tools. To make effective use of them, though, it’s helpful to understand what you are up against. This includes understanding what the potential targets are in order to better identify the risk. It also includes knowing the potential architecture you may be looking at—the systems you may need to pass through and the way they may be arranged, including the security mechanisms that may be in place to protect the elements.
Web Architecture
A web application is a way of delivering programmatic functionality using common web-based technologies between a server and a client, where the client is a web browser. A simpler way of saying this, perhaps, is that programs that may otherwise have run natively on your computer are, instead, running in your browser, with communication to a remote server. The remote server you are interacting with likely has other systems it communicates with in order to provide the functionality or data you are trying to get to. You are likely familiar with web applications and probably even use them on a daily basis.
Even mobile applications are often web applications in the sense that the mobile application you are interacting with is communicating with a web server remotely using web-based protocols and technologies.
When we talk about web-based technologies, we are talking about protocols and languages like HTTP, HTML, XML, and SQL. This also suggests that we are communicating with a web server, meaning a server that communicates using HTTP, which may be secured using TLS for encryption. Much of this is what happens between the server and the client, but doesn’t necessarily describe what may be happening with other systems within the network design. To help you fully understand, we’ll talk about the systems you may run into within a web application architecture. We will start at the customer-facing end and then work our way inward to the most sensitive components.
Figure 8-1 will be a reference point for us going forward. To simplify it a little, some of the connection lines are missing. In reality, the load balancers would cross-connect with all of the web servers, for example. However, at some point all of the cross-connections start to clutter the image.
Figure 8-1. Sample web architecture