The first step in the process of attacking an application is to gather and examine some key information about it, in order to gain a better understanding of what you are up against.
The mapping exercise begins by enumerating the application’s content and functionality, in order to understand what the application actually does and how it behaves. Much of this functionality will be easy to identify, but some of it may be hidden away, and require a degree of guesswork and luck in order to discover.
Having assembled a catalogue of the application’s functionality, the principal task is to closely examine every aspect of its behavior, its core security mechanisms, and the technologies being employed (on both client and server). This will enable you to identify the key attack surface that the application exposes and hence the most interesting areas on which to target subsequent probing to find exploitable vulnerabilities.
NEXT is..Enumerating Content and Functionality……..,