the first steep in process of attacking the application is gathering and some key information about it to gain a better understanding what are you up against. the mapping exercise begins by enumerating the application content and functionality to understand what the web application does and how it behaves. much of this functionality is easy to identify, but some of it maybe hidden, requiring a degree of guesswork and lucky discover.
- Enumerating Content and Functionality
as shown below :