Let's talk a little bit about web application security testing methodologies.
Following all the steps in this methodology will not guarantee that you discover all the vulnerabilities within a given application. However, it will provide you with a good level of assurance that you have probed all the necessary regions of the application’s attack surface and have found as many issues as possible given the resources available to you.
The methodology can be broken down into the following steps:
1. Step is "Map the Application’s Content"
2. Step is "Analyze the Application"
3. Step is "Test Client-Side Controls"
4. Step is "Test the Authentication Mechanism"
5. Step is "Test the Session Management Mechanism"
6. Step is "Test Access Controls"
7. Step is "Test for Input-Based Vulnerabilities"
8. Step is "Test for Function-Specific Input Vulnerabilities"
9. Step is "Test for Logic Flaws"
10. Step is "Test for Shared Hosting Vulnerabilities"
11. Step is "Test for Application Server Vulnerabilities"
12. Step is "Miscellaneous Checks"
13. Step is "Follow Up Any Information Leakage"
--- I will try to explain each step with examples later :) ---