Reconnaissance & Enumeration

Manual Browsing

Examine Banners

• Wireshark
• Proxy

URL testing

• Spidering via OWASP

Examine robots.txt

Examine sitemaps.xml

Examine HTTP Headers

Testing App Functionality

• Login to Web App
• Testing all functionalities