Web pentesting noob question

If you want to find a vuln in some website, what are the steps you do?

There is no exact way, something like a step-by-step.
Web pentesting normally is running some tools to try to find some vuln without doing much. If that doesn't work, try to scan, make a list about the site, know every piece of info about it, like the OS of the server, all ports, all applications, the versions, the programming language. When you have a lot of information, you can search for some CVEs about the applications and tools that you have discovered.

If this doesn't work, you can try some manual techniques to find a vulnerability, like SQL injection in an input, cross-site scripting, DoS in an input, DDoS, uploading some different file, and other techniques.

(This is what I do)

1 Like