Web Application Vulnerabilities
How
Identify applications running on ports, usually port 80 or 443 for web apps.
Look for exploits on the Internet.
Run the exploits against the target application.
Top 10 attack vectors
Injection (including SQL injections)
Broken Authentication and Session Management
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross-Site Request Forgery (an attack that targets a victim’s browser)
Using Known Vulnerable Components
Unvalidated Redirects and Forwards