Page 46 - Hands-On Bug Hunting for Penetration Testers
3
Preparing for an Engagement
When you've narrowed down your search to the application you'd like to test, it's time to
start collecting information. Getting a full sitemap, unmasking hidden content, and
discovering artifacts left over from development (commented-out code, inline
documentation, and so on) can help you narrow your focus to fertile areas. And by
understanding what information you'll need for your vulnerability report, you can ensure
you're collecting everything you need for when it's time to submit, right from the start.
This chapter discusses techniques to map your target application's attack surface, search the
site for hidden directories and leftover (but accessible) services, make informed decisions
about what tools to use in a pentesting session, and document your sessions for your
eventual report.
We'll cover the following topics:
Understanding your target application's points of interest
Setting up and using Burp Suite
Where to find open source lists of XSS snippets, SQLi payloads, and other code
Gathering DNS and other network information about your target
Creating a stable of small, versatile scripts for information-gathering
Checking for known component vulnerabilities
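As an added example (not the book's own code), here is the kind of small, versatile information-gathering script the last-but-one topic refers to: it parses a saved HTML response for development leftovers (comments carrying TODO/debug markers, hidden form inputs) and collects site-relative paths to seed a sitemap. The sample page, the marker list and all names are constructed for illustration; run against your own application's responses before release, it doubles as a check for artifacts that should not ship.

```python
import re
from html.parser import HTMLParser

# Constructed sample page standing in for a saved HTML response.
SAMPLE_HTML = """<html><head>
<!-- TODO: remove /admin-old before release -->
<script src="/static/app.js?v=1.2.3"></script>
</head><body>
<!-- debug panel: see docs/internal.md -->
<a href="/api/v2/users">users</a>
<form action="/legacy/login"><input type="hidden" name="env" value="staging"></form>
</body></html>"""

# Words that typically mark a comment as a developer leftover (assumed list).
MARKERS = ("TODO", "FIXME", "debug", "staging", "remove")


class ArtifactParser(HTMLParser):
    """Collects HTML comments, hidden form inputs and site-relative targets."""

    def __init__(self):
        super().__init__()
        self.comments, self.hidden_inputs, self.paths = [], [], set()

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            self.hidden_inputs.append((a.get("name"), a.get("value")))
        # href/src/action values starting with "/" are paths on this host;
        # the query string is dropped so each endpoint appears once.
        for key in ("href", "src", "action"):
            if key in a and a[key] and a[key].startswith("/"):
                self.paths.add(a[key].split("?")[0])


def find_artifacts(html):
    """Return flagged comments, hidden inputs and sorted paths found in html."""
    p = ArtifactParser()
    p.feed(html)
    flagged = [c for c in p.comments
               if any(m.lower() in c.lower() for m in MARKERS)]
    return {"comments": flagged,
            "hidden_inputs": p.hidden_inputs,
            "paths": sorted(p.paths)}


if __name__ == "__main__":
    for section, items in find_artifacts(SAMPLE_HTML).items():
        print(section, items)
```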