As mentioned previously, I’m doing an online training course – Web Application Penetration Testing – from ELearnSecurity.

Module 3 – Information Gathering

Module 3 covers the Information Gathering process. This is where the security tester gains an understanding of the web application and collects useful information for the testing process.

It covers the following:

  • Gathering Information on a target – WHOIS, DNS, Nslookup etc.
  • Fingerprinting the web server
  • Enumerating sub-domains
  • Fingerprinting frameworks and applications
  • Enumerating resources
  • Finding hidden files
  • Google Hacking