“Conduct a serial of methodical and Repeatable tests is the best way to test the web server along with this to work through all of the different application Vulnerabilities. Collecting as Much as Information about an organization is the main area to concentrate on the initial stage of web server testing. Performing vulnerability scanning to identify the weakness in the network use the vulnerability scanning tools such as HPwebinspect, Nessus. and determine if the system can be exploited. Using Social engineering techniques to collect the information about the Human Resources, Contact Details, and other Social Related information.”]
Source: https://gbhackers.com/web-server-penetration-testing-checklist/