From gbhackers.com
Web server pentesting performing under 3 major category which is identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities.
1. “Conduct a serial of methodical and Repeatable tests “ is the best way to test the web server along with this to work through all of the different application Vulnerabilities.
2. “Collecting as Much as Information” about an organization Ranging from operation environment is the main area to concentrate on the initial stage of web server Pen testing.
3. Performing web server Authentication Testing, use Social engineering techniques to collect the information about the Human Resources, Contact Details, and other Social Related information.