Chapter 2. Introduction to Web Application Reconnaissance
Web application reconnaissance refers to the explorative data-gathering phase that generally occurs prior to hacking a web application. Web application reconnaissance is typically performed by hackers, pen testers, or bug bounty hunters, but can also be an effective way for security engineers to find weakly secured mechanisms in a web application and patch them before a malicious actor find them. Reconnaissance (recon) skills by themselves do not have significant value, but become increasingly valuable when coupled with offensive hacking knowledge and defensive security engineering experience.
Information Gathering
We already know that recon is all about building a deep understanding of an application before attempting to hack it. We also know that recon is an essential part of a good hacker’s toolkit. But so far, our knowledge regarding recon stops about there. So let’s brainstorm some more technical reasons as to why recon is important.
Warning
Many of the recon techniques presented in the following chapters are useful for mapping applications, but also could get your IP flagged, potentially resulting in application bans or even legal action.
Most recon techniques should only be performed against applications you own, or have written permission to test.
Recon can be accomplished in many ways. Sometimes simply navigating through a web application and taking note of network requests will be all that you need to become ...
Get Web Application Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.