To secure a website or a web application, one has to first understand the target application, how it works and the scope behind it. Ideally, the penetration tester should have some basic knowledge of programming and scripting languages, and also web security.



A website security audit usually consists of two steps. Most of the time, the first step usually is to launch an