(4) Web security | penetration testing | network security web site source code and related analysis

as everyone knows ：

web Source code is a very important source of information in security testing , It can be used for code audit vulnerabilities and information breakthrough , among WEB There are many technologies in the source code that need concise analysis .
eg： obtain ASP The source code can be downloaded from the default database , To obtain the source code vulnerability of some other script, you can conduct code audit, mine or analyze its business logic, etc , Therefore, the acquisition of source code will provide more ideas for later security testing

Web Source directory structure
Database configuration file , Background Directory , The template directory , Database directory, etc

admin---------------------------------- Website background Directory
data------------------------------------ Database related directories
install---------------------------------- The installation directory
member------------------------------- Membership directory
template------------------------------ The template directory ( Build an overall architecture related to the website )
data（confing.php）-------------- Database configuration file , Communication information of website and database , Connection account password , You can connect to each other's database , From the database to get the source code of this website, which involves the administrator's account and password .
 

You can see how to open a source code of Baidu online , Some small ones may only have some directories

Web Source script type
ASP,PHP,ASPX,JSP,JAVAWEB And other script type source code security issues

Check the type of website through the file directory

About Web Source application classification
Portal site --------------------------- comprehensive
Online retailers --------------------------------- Business logic
Forum ---------------------------------XSS
Blog --------------------------------- Less
The third party ------------------------------ Look at its function

Access to source code ： Search for , Free fish Taobao , Third party source station , Corresponding to various industries .
Open source ： You can search the vulnerability related articles on the Internet .

Inside ： Routine penetration tests , Use scanning tools to judge .
If you can't get the source code, you can find the same type of source code analysis

Identify the cms, Here's a asp Script written website

  The bottom display technical support is GOOMAY company-developed ,

Then I want to find out if he is using cms Developed , Developed by ourselves

Add /robots.txt See if you can see

The result is the login page

Now I'm going to try this one that provides technical support , It is developed by ourselves , still cms Developed

① If we analyze the used cms edition , You can find the vulnerability of the corresponding version of Baidu online  

② If the website has been patched , Then consider scanning tools and related source code for analysis

③ If they developed it bit by bit , No source code , It's time to scan bit by bit