Some Basic Web Penetration Testing (View Source)

So I have some time to write about what I’ve learned so far. The most basic thing to do is right-click inside a browser and there are two options there that can be useful. Viewing the source code can be a valuable resource because everything is there, warts and all. On some CTF challenges, there will simply be commented out sections with clues or even the flag password inside the code. If you’ve never seen html code, or took it 5 years ago in college, this is a great way to dive in. You can view the code on any website, and I dont think it is considered malicious to do so if thats all you do. All you are looking at is the local cached copy of the website’s code that is downloaded to your machine. Familiarizing yourself with code is a great way to figure out what good code and bad code looks like and finding vulnerabilities.

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob

Leave a comment or suggestion!