A nice presentation on Web Applications Penetration testing.

https://media.blackhat.com/bh-eu-12/...rai-WTF%20.pdf