> .ROLE
PENETRATION TESTER, CYBERSECURITY CONSULTANT
> .DETAILS
The bread and butter for many penetration testing firms are web applications. They are also some of the hardest parts of a network to secure. Sites are always online, meant to be accessed by people of varying “trustworthiness”, and if misconfigured can allow unauthorized access to internal network resources.
Beyond that, web applications are major money makers for the companies themselves. If the site is down, they lose money. If the site is compromised, they lose money. Even if it just takes a while to load, it can mean the lose of business.
Web applications can be written is many languages, and each one will have different vulnerabilities. So, OWASP has done research to find the most common vulnerabilities across all platforms, and ranked them in the “OWASP Top 10”. These are updated every few years, with the last refresh being in 2017.
> .TECHNOLOGY
KALI LINUX, OWASP JUICE SHOP, BURP SUITE