    CHAPTER 8
    Web Application Testing
    Think about the applications that you use by way of a web interface. Your banking.
    Your credit cards. Social networking sites like Facebook, Twitter, LinkedIn, and so
    many others. Job search sites. Your information is stored by a lot of companies with
    accessible portals available on the open internet. Because of the amount of data that is
    available and the potentially exposed pathways to that data, web attacks are common
    vectors. As a result, web application testing is a common request from companies. At
    times, you will find that web application testing may be all that you are asked to do.

    Kali, not surprisingly, is loaded with web application testing tools. To make effective
    use of them, though, it’s helpful to understand what you are up against. This includes
    understanding what the potential targets are in order to better identify the risk. It also
    includes knowing the potential architecture you may be looking at—the systems you
    may need to pass through and the way they may be arranged, including the security
    mechanisms that may be in place to protect the elements.

    Web Architecture

    A web application is a way of delivering programmatic functionality using common
    web-based technologies between a server and a client, where the client is a web
    browser. A simpler way of saying this, perhaps, is that programs that may otherwise
    have run natively on your computer are, instead, running in your browser, with
    communication to a remote server. The remote server you are interacting with likely has
    other systems it communicates with in order to provide the functionality or data you
    are trying to get to. You are likely familiar with web applications and probably even
    use them on a daily basis.


    Even mobile applications are often web applications in the sense
    that the mobile application you are interacting with is
    communicating with a web server remotely using web-based protocols and
    technologies.

    When we talk about web-based technologies, we are talking about protocols and
    languages like HTTP, HTML, XML, and SQL. This also suggests that we are
    communicating with a web server, meaning a server that communicates using HTTP, which
    may be secured using TLS for encryption. Much of this is what happens between the
    server and the client, but doesn’t necessarily describe what may be happening with
    other systems within the network design. To help you fully understand, we’ll talk
    about the systems you may run into within a web application architecture. We will
    start at the customer-facing end and then work our way inward to the most sensitive
    components. Figure 8-1 will be a reference point for us going forward. To simplify it a
    little, some of the connection lines are missing. In reality, the load balancers would
    cross-connect with all of the web servers, for example. However, at some point all of
    the cross-connections start to clutter the image.

    Figure 8-1. Sample web architecture
