# Web Application Methodology

## OWASP Testing Guide Approach

The **OWASP** Web Security Testing Guide (**WSTG**) serves as an industry-standard reference for vulnerability coverage. Rather than dictating workflow, **OWASP** provides a checklist to ensure nothing is missed during testing.

### OWASP Testing Categories Reference

The OWASP WSTG v4.2 organizes security tests into these categories:

* **Information Gathering (WSTG-INFO):** Map scope, endpoints, frameworks and attack surface.
* **Configuration Management (WSTG-CONF):** Identify misconfigurations in servers, frameworks and cloud services.
* **Identity & Authentication (WSTG-IDNT / WSTG-ATHN):** Test authentication flows, credential management and MFA.
* **Authorization (WSTG-ATHZ):** Validate access control, horizontal/vertical privilege separation and IDORs.
* **Session Management (WSTG-SESS):** Evaluate session token handling, fixation, CSRF and expiry.
* **Input Validation (WSTG-INPV):** Test for XSS, SQLi, command injection, template injection and request smuggling.
* **Error Handling (WSTG-ERRH):** Identify information leakage from stack traces and error messages.
* **Cryptography (WSTG-CRYP):** Verify TLS configuration, certificate validation and secure storage practices.
* **Business Logic (WSTG-BUSL):** Assess workflow integrity, abuse cases and process assumptions.
* **Client-Side Testing (WSTG-CLNT):** Test DOM XSS, CORS, client resource manipulation and clickjacking.
* **API Testing (WSTG-APIT):** Evaluate REST/GraphQL endpoints, authentication, authorization and rate limits.

{% hint style="success" %}
**Key Insight:** OWASP provides the **what** to test, but your workflow determines **when** and **how** to test efficiently.
{% endhint %}

***

### Web Application Architecture

#### Modern Architecture Assessment

Understanding an application’s architecture is essential to identify attack vectors and define effective testing strategies.

#### Architecture Analysis Framework

**Technology Stack Identification**

* **Frontend:** JavaScript frameworks (React, Angular, Vue), CSS frameworks, build tools, bundlers, and CDNs ⇒ focus on client-side vulnerabilities.
* **Backend:** Web servers (Apache, Nginx, IIS), app frameworks, databases, caching ⇒ reveals server-side risks and escalation paths.
* **Tools:** Wappalyzer, WhatWeb, Nuclei templates, and manual header analysis.

**Application Topology Mapping**

* **Objectives:** Identify entry points, APIs, integrations, database connections, and external services.
* **Patterns:** Monolith, microservices, serverless, SPAs ⇒ each requires tailored testing.
* **Documentation:** Diagrams of data flows, trust boundaries, and dependencies to highlight attack paths.

**Security Control Identification**

* **WAFs:** Detect, fingerprint, analyze rules, and assess rate limiting.
* **Authentication:** SSO, MFA, session management, API auth ⇒ each introduces unique bypass possibilities.
* **Security Headers:** CSP, HSTS, CORS, etc., provide insights into protection layers.
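The two passive checks above, manual header analysis for stack identification and review of the security headers that reveal protection layers, can be scripted against a captured response. The following is an added example written for this page, not code from the guide or from any of the tools it names. It works on a constructed HTTP/1.1 response embedded inline (no real host), so it runs offline; the `STACK_HINTS` table is a small hypothetical subset of the signatures a full fingerprinting tool carries, and the thresholds (for example one year for HSTS `max-age`) are assumptions chosen to match common hardening guidance.

```python
"""Passive fingerprinting and security-header audit of one captured HTTP response."""
from __future__ import annotations

import re

# Constructed sample response headers, as they might be captured in a proxy.
# This is invented test data, not output from any real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: csrf=xyz; Path=/; Secure\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)

# Hypothetical, deliberately small signature table: header name -> [(regex, label)].
STACK_HINTS = {
    "server": [(r"nginx", "Nginx"), (r"apache", "Apache"), (r"microsoft-iis", "IIS")],
    "x-powered-by": [(r"php", "PHP"), (r"asp\.net", "ASP.NET"), (r"express", "Express.js")],
    "set-cookie": [
        (r"^phpsessid=", "PHP session"),
        (r"^jsessionid=", "Java servlet session"),
        (r"^asp\.net_sessionid=", "ASP.NET session"),
    ],
}

ONE_YEAR = 31536000  # assumed minimum HSTS max-age in seconds


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw response into (name, value) pairs; names are lower-cased.
    Repeated headers (e.g. several Set-Cookie lines) are kept as separate pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def fingerprint(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map each technology label to the header lines that suggested it."""
    found: dict[str, list[str]] = {}
    for name, value in headers:
        for pattern, label in STACK_HINTS.get(name, []):
            if re.search(pattern, value, re.IGNORECASE):
                found.setdefault(label, []).append(f"{name}: {value}")
    return found


def audit_security_headers(headers: list[tuple[str, str]]) -> list[str]:
    """Return human-readable findings for missing or weak protection headers."""
    by_name: dict[str, list[str]] = {}
    for name, value in headers:
        by_name.setdefault(name, []).append(value)
    findings = []

    if "content-security-policy" not in by_name:
        findings.append("CSP missing: no Content-Security-Policy header")

    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS missing: no Strict-Transport-Security header")
    else:
        age = re.search(r"max-age=(\d+)", hsts[0])
        if not age or int(age.group(1)) < ONE_YEAR:
            findings.append(f"HSTS max-age too short: {hsts[0]}")

    csp = " ".join(by_name.get("content-security-policy", []))
    if "x-frame-options" not in by_name and "frame-ancestors" not in csp:
        findings.append("Clickjacking: neither X-Frame-Options nor CSP frame-ancestors set")

    acao = by_name.get("access-control-allow-origin", [""])[0]
    if acao == "*":
        findings.append("CORS: Access-Control-Allow-Origin is a wildcard")

    # Cookie attributes: the first segment is name=value, the rest are attributes.
    for cookie in by_name.get("set-cookie", []):
        segments = [s.strip() for s in cookie.split(";")]
        cookie_name = segments[0].split("=", 1)[0]
        attrs = {s.split("=", 1)[0].lower() for s in segments[1:]}
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if missing:
            findings.append(f"Cookie {cookie_name} lacks {', '.join(missing)}")
    return findings


def report(raw: str) -> tuple[dict[str, list[str]], list[str]]:
    """Run both analyses on one raw response."""
    headers = parse_headers(raw)
    return fingerprint(headers), audit_security_headers(headers)


if __name__ == "__main__":
    stack, findings = report(SAMPLE_RESPONSE)
    for label, evidence in stack.items():
        print(f"[stack] {label}: {'; '.join(evidence)}")
    for f in findings:
        print(f"[finding] {f}")
```

Header-based fingerprinting only produces hints: a `Server` banner can be rewritten by a reverse proxy or WAF, and cookie names can be renamed, so every label should be confirmed against other evidence (error pages, static asset paths, framework-specific behaviour) before it steers the rest of the assessment. The audit side is the defender's checklist in code form: each finding maps to a concrete hardening change (add a CSP, raise `max-age`, drop the CORS wildcard, set `Secure`/`HttpOnly`).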

#### Architecture-Specific Testing Considerations

* **SPAs:** Test APIs, token handling, and client-side security.
* **Microservices:** Assess API gateways, inter-service auth, and communication.
* **Cloud-Native:** Evaluate container security, serverless risks, and cloud misconfigurations.
