Computer Science Journals
Penetration tests (PenTests) have gained recognition as a legitimate approach to identifying and then, in theory, mitigating discovered weaknesses. The PenTest industry even has a magazine (PenTest Magazine), and there are tools that the user, as an Industrial Control Systems (ICS) cyber security professional, ought to have in their tool set, such as the PWN phone or the Metasploit modules from Digital Bond. Modern cyber defense requires a realistic and thorough understanding of web application security issues. Anyone can learn to sling a few web hacks, but web application penetration testing requires something deeper. This paper discusses major web application flaws and their exploitation, along with a field-tested and repeatable process for consistently finding these flaws and conveying them. The principles of modern attacks are analyzed in order to create the most sufficient penetration tests.