1 / 26

Web Application Penetration Testing Checklist

Cybersecurity is a journey, not a destination! Our ud835udc16ud835udc1eud835udc1b ud835udc00ud835udc29ud835udc29 ud835udc0fud835udc1eud835udc27ud835udc1eud835udc2dud835udc2bud835udc1aud835udc2dud835udc22ud835udc28ud835udc27 ud835udc13ud835udc1eud835udc2cud835udc2dud835udc22ud835udc27ud835udc20 ud835udc02ud835udc21ud835udc1eud835udc1cud835udc24ud835udc25ud835udc22ud835udc2cud835udc2d is your roadmap to a strengthened digital fortress. Every phase explained in this carousel is a crucial defense. How secure is your digital castle? Share your security strategies below!<br>

Priyansha1
Télécharger la présentation

Web Application Penetration Testing Checklist

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WEB APPLICATION PENETRATION TESTING CHECKLIST

  2. Reconnaissance Phase Test Name Test Case Result Identify Web Server, Technologies, and Database Verify that the website is hosted on an HTTP server, front-end technologies, and back-end with PostgreSQL database. ASN (Autonomous System Number) & IP Space Enumeration and Service Enumeration Ensure the enumeration tool’s accuracy in obtaining ASNs, identifying IP addresses within a specified range, and detecting open ports and services on a target IP address. Ensure that the Google Dorking technique effectively retrieves sensitive information from public internet search engine results. Google Dorking Ensure that the directory enumeration process accurately identifies and lists directories and files within a specified web server directory. Directory Enumeration Ensure that the reverse lookup functionality accurately maps IP addresses to domain names. Reverse Lookup Confirm that the JS files analysis function accurately identifies vulnerabilities and security issues in JavaScript files. JS Files Analysis Subdomain Enumeration and Bruteforcing Confirm that the subdomain enumeration and brute-forcing functionality accurately discover subdomains associated with the target domain Verify that the port scanning tool correctly identifies open ports on a target IP address or network. Port Scanning www.infosectrain.com

  3. Registration Feature Testing Test Name Test Case Result Duplicate Registration/Overwrite Existing User Verify that the registration process prevents duplicate registration and overwriting of existing user accounts. Confirm that the registration process enforces a strong password policy. Weak Password Policy Ensure that the registration process prevents the reuse of the existing usernames. Reuse of Existing Usernames Verify that the email verification process adequately verifies user email addresses. Insufficient Email Verification Process Weak Registration Implementation - Allows Disposable Email Addresses Confirm that the registration process does not allow registration with disposable email addresses. Weak Registration Implementation- Over HTTP Verify that the registration process is securely implemented and does not allow registration over an unencrypted HTTP connection. Confirm that the registration process does not allow specially crafted usernames that could potentially overwrite or manipulate default web application pages. Overwrite Default Web Application Pages www.infosectrain.com

  4. Session Management Testing Test Name Test Case Result Decode Cookies Using Standard Decoding Algorithms Verify that cookies can be successfully decoded using standard decoding algorithms. Verify if the application correctly handles slight modifications to session cookie token values. Modify Cookie:Session Token Value Test Self-Registration with Similar Usernames Check if the application handles self-registration with usernames containing small variations. Check Session Cookies and Cookie Expiration Date/Time Verify that session cookies have appropriate expiration settings. Identify Cookie Domain Scope Ensure that session cookies are scoped to the appropriate domain. Check for HttpOnly Flag in Cookie Confirm that session cookies are marked with the HttpOnly flag. Ensure that session cookies are marked with the Secure flag if the application is served over SSL. Check for Secure Flag in Cookie www.infosectrain.com

  5. Authentication Testing Test Name Test Case Result Username Enumeration Verify that the system does not allow username enumeration. Bypass Authentication using SQL Injections Test for bypassing authentication using various SQL injections on the username and password fields. Confirm that the system enforces password confirmation when changing email addresses and passwords and managing 2FA. Lack of Password Confirmation Check if using resources without authentication is possible, leading to access violations. Access Violation without Authentication SSL Transmission of User Credentials Confirm that user credentials are transmitted over SSL. Check OAuth login functionality, including roles and potential security vulnerabilities. OAuth Login Functionality Check the misconfiguration of two-factor authentication for response manipulation, status codes, code leakage, reusability, brute-force protection, integrity validation, and null values. Two-Factor Authentication Misconfiguration www.infosectrain.com

  6. Post Login Testing Test Name Test Case Result Identify a parameter in the application that uses the active account user ID and attempts tampering to change the details of other accounts Active Account User ID and Tampering Attempt Enumerate Features Specific to a User Account and Conduct CSRF Testing Create a list of features specific to a user account and test for Cross-Site Request Forgery (CSRF) vulnerabilities. Change Email and Confirm Server-Side Validation Ensure if changing the email address is validated on the server side and whether the application sends email confirmation links to new users. Verify the account deletion option and confirm it via the forgot password feature. Verify Account Deletion Option with Forgot Password Feature Change Email, Account ID, and User ID Parameters for Brute Force Change the email, account ID, and user ID parameters and attempt brute force attacks on other users’ passwords. www.infosectrain.com

  7. Forgot Password Testing Test Case Test Name Result Failure to Expire Sessions Upon Logout and Password Reset Ensure the session is invalidated on logout and password reset. Check if Forgot Password Reset Link/Code Uniqueness Ensure the uniqueness of the password reset link/code. Check Expiry of Password Reset Link Verify if the reset link expires if not used within a specific time frame. Find User Account Identification Parameter and Attempt Tampering Identify the user account identification parameter and attempt to tamper with it to change another user’s password. Check for Weak Password Policy Examine if password reset enforces a strong password policy. Check if Active Session Gets Destroyed upon Changing the Password Verify if the active session is destroyed when changing the password. www.infosectrain.com

  8. Open Redirection Testing Test Name Test Case Result Examine common injection parameters for potential vulnerabilities. Test Common Injection Parameters Examine if changing the URL parameter value redirects to the specified URL. Change URL Parameter Values Ensure using a single slash and URL encoding in URL parameters. Test Single Slash and URL Encoding Check if using a whitelisted domain or keyword in parameters bypasses filters. Use Whitelisted Domain or Keyword Check if using “//” in parameters bypasses HTTP blacklisted keywords. Use “//” to Bypass HTTP Blacklisted Keyword Check if using a null byte (%00) in parameters bypasses blacklist filters. Use Null Byte (%00) to Bypass Blacklist Filter Check if the “°” symbol in parameters bypasses security filters. Use ° Symbol to Bypass www.infosectrain.com

  9. Host Header Injection Test Name Test Case Result Supply an Arbitrary Host Header Check the application’s handling of arbitrary host headers. Check for Flawed Validation Verify if the application has flawed validation for Host headers. Send ambiguous requests with various Host header manipulations to observe the application’s behavior. Check Ambiguous Requests Test the injection of host override headers to ensure that the application accepts and processes these headers. Inject Host Override Headers www.infosectrain.com

  10. SQL Injection Testing Test Name Test Case Result Entry Point Detection Identify vulnerable entry points for SQL injection. Use SQLmap to Identify Vulnerable Parameters Ensure that SQLmap identifies parameters vulnerable to SQL injection. Run the SQL Injection Scanner on All Requests Check if the SQL injection scanner identifies and reports any SQL injection vulnerabilities. Bypassing Web Application Firewall (WAF) Ensure bypass techniques are effective against the WAF (Web Application Firewall). Time Delays Verify the effectiveness of time delays for each database system. Evaluate the impact of conditional time delays for each database system. Conditional Delays Use ° Symbol to Bypass Check if the “°” symbol in parameters bypasses security filters. www.infosectrain.com

  11. Cross-Site Scripting Testing Test Name Test Case Result Check if the HTML tags are executed as XSS. Use HTML Tags if Script Tags Are Banned Check if the output is reflected inside a JavaScript variable and if an alert payload can be used. Reflect Output Inside JavaScript Variable Upload JavaScript Using Image File Check if the JavaScript code is executed when the image is displayed. Check if the payload is executed using the modified method from POST to GET can bypass filters. Change Method From POST to GET Syntax Encoding Payload Check if the syntax-encoded payload is executed as XSS. Verify whether the employed XSS firewall bypass techniques effectively circumvent the XSS firewall. XSS Firewall Bypass www.infosectrain.com

  12. CSRF Testing Test Name Test Case Result Confirm whether the CSRF token validation rejects a GET request when the validation process depends on the request method. Validation of CSRF Token Check if the application only accept requests with a valid CSRF token. CSRF Token Presence Validation Check if the CSRF token is not associated with the user’s session and ensure it validate the CSRF token even after the user session has ended. The CSRF Token Is Independent of the User Session validate the CSRF token even after the user session has ended. Ensure that the application should validate the CSRF token when the non-session cookie is included. Ensure that application should only accept requests with a valid Referer header. Verify Referer Header Presence www.infosectrain.com

  13. SSO Vulnerabilities Test Name Test Case Result Conduct fuzzing on an internal system following redirection to the SSO system to identify vulnerabilities or misconfigurations within the internal system. FUZZ on the Internal System After SSO Redirect Craft SAML Request and Server Interaction Craft a SAML request with a token and analyze how the server processes the crafted SAML request. Test for XML Signature Wrapping Vulnerabilities Check if the server is vulnerable to XML Signature Wrapping. Inject XXE Payloads in SAML Response Check if the server processes the XXE payloads. SSO for Takeover Assess the possibility of taking over the victim’s account. Check if SSRF can be achieved by modifying the IP in the Cookie header URLs. SSRF Using Cookie Header URLs www.infosectrain.com

  14. XML Injection Testing Test Name Test Case Result Verify if the server is vulnerable to XML Injection. Change Content Type for XML Injection Blind XXE with Out-of-Band Interaction Identifies if the server is vulnerable to Blind XXE attacks. Check if Cross-Origin Resource Sharing (CORS)-related errors can be triggered. Errors Parsing Origin Headers Whitelisted Null Origin Value Check if the server whitelists null Origin values. Bypassing Filters Check if filters can be bypassed. Cloud Instances Check if SSRF vulnerabilities can access cloud instance data. www.infosectrain.com

  15. File Upload Testing Test Case Result Test Name Check if null bytes can bypass upload restrictions. Null Byte (%00) Bypass Content-Type Bypass Check if content type manipulation can bypass restrictions. Magic Byte Bypass Identify if magic byte manipulation can bypass upload checks. Client-Side Validation Bypass Check if client-side validation can circumvent upload restrictions. Blacklisted Extension Bypass Check if the application effectively enforces extension restrictions. Homographic Character Bypass Check if homographic characters can bypass filters. www.infosectrain.com

  16. CAPTCHA Testing Test Name Test Case Result Verify if the application performs integrity checks on the Captcha field and rejects incomplete submissions. Missing Captcha Field Integrity Checks HTTP Verb Manipulation Check if changing HTTP verbs impacts Captcha validation. Reusable Captcha Check if Captchas are single-use or can be reused. Server-Side Validation for CAPTCHA Check if the server performs proper Captcha validation independently. OCR Image Recognition Check if OCR tools can successfully recognize Captcha content. Absolute Path Retrieval Check if Captcha images are accessible via absolute paths. www.infosectrain.com

  17. JWT Token testing Test Case Result Test Name Check if the application’s secret key is resistant to brute-force attacks. Brute-Forcing Secret Keys Creating a Fresh Token Using the “none” Algorithm Verify if the application accepts or rejects tokens signed with the “none” algorithm. Changing the Signing Algorithm of the Token Check how the application responds to changes in the signing algorithm. Signing the Asymmetrically-Signed Token to Symmetric Algorithm Match Check if the application allows signing transitions from asymmetric to symmetric algorithms. www.infosectrain.com

  18. Websockets Testing Test Name Test Case Result Intercepting and Modifying WebSocket Messages Check intercept WebSocket messages and modify the content. WebSockets Man-in-the-Middle (MITM) Attempts Perform a Man-in-the-Middle attack on WebSocket communication. Check if the WebSocket implementation relies on secret headers for authentication. Test Secret Header WebSocket Content Stealing in Websockets Check if access to sensitive data is transmitted via WebSocket. Token Authentication Testing in Websockets Evaluate if the token-based authentication is secure. www.infosectrain.com

  19. GraphQL Vulnerabilities Testing Test Name Test Case Result Identify instances where authorization checks are not consistently applied across different parts of the GraphQL schema. Inconsistent Authorization Checks Identifies any custom scalar types that do not have adequate validation for input values. Missing Validation of Custom Scalars Evaluate whether rate-limiting is adequately enforced to prevent abuse or DoS attacks. Failure to Appropriately Rate-Limit Determine if the server allows introspection queries that can reveal schema details. Introspection Query Enabled/Disabled www.infosectrain.com

  20. WordPress Common Vulnerabilities Test Name Test Case Result Identify if there are any exposed services or ports that may be susceptible to XSPA. XSPA in WordPress Check if the application effectively prevents or mitigates brute-force login attempts. Bruteforce in wp-login.php Information Disclosure WordPress Username Enumerate usernames and confirm if the application reveals valid usernames. Ensure that backup files or sensitive configuration files are not accessible. Backup File wp-config Exposed Confirm if log files containing sensitive data are improperly exposed to unauthorized users. Log Files Exposed Denial of Service via load-styles.php Assess if the file can be abused to launch DoS attacks. www.infosectrain.com

  21. Denial of Service Test Name Test Case Result Check if the application can handle an excessive number of cookies effectively. Cookie Bomb Assess the application for vulnerabilities related to “Pixel Flood” attacks. Pixel Flood (Using Image with Huge Pixels) Frame Flood (Using GIF with Huge Frame) Check for the application for potential “Frame Flood” vulnerabilities. Assess if the application is susceptible to ReDoS attacks due to insecure regular expressions. ReDoS (Regex DoS) CPDoS (Cache Poisoned Denial of Service) Check if attackers can poison the application’s cache to cause a DoS condition. www.infosectrain.com

  22. Security Headers Testing Test Name Test Case Result Ensure the application has X-Frame-Options set to DENY or allow specific domains. X Frame Options Header Testing X-XSS-Protection Header Testing Verify the existence and settings of the X-XSS-Protection header. Evaluate the presence and configuration of the HTTP Strict Transport Security (HSTS) header. HSTS Header Testing Check the presence and configuration of the Content Security Policy (CSP) header. CSP Header Testing Check for the presence and correct configuration of Cache Control headers. Cache Control Header Testing www.infosectrain.com

  23. Role Authorization Testing Test Name Test Case Result Verify the application’s access control by attempting to access high-privileged resources with normal user privileges. Access Control Testing Verify forced browsing attempts to access restricted or unlinked resources. Forced Browsing Testing Insecure Direct Object Reference (IDOR) Testing Check for IDOR vulnerabilities by attempting to access objects and data outside of the authorized scope. Assess the application’s vulnerability to parameter tampering for privilege escalation. Parameter Tampering Testing www.infosectrain.com

  24. Blind OS Command Injection Testing Test Name Test Case Result Check if the application prevents time-based command injection. Time Delays Output Redirection Conduct blind OS command injection with out-of-band interactions. www.infosectrain.com

  25. Broken Cryptography Test Name Test Case Result Check for implementation flaws, such as hard-coded encryption keys, weak algorithms, or improper initialization vectors. Cryptography Implementation Flaw Verify if sensitive information, even when encrypted, can be compromised due to data leaks, insecure key storage, or weak encryption. Encrypted Information Compromised Identify encryption mechanisms in use and check if weak ciphers are employed. Weak Ciphers Used for Encryption www.infosectrain.com

  26. Found this useful? To Get More Insights Through ourFREE Course | Workshops | eBooks | White Paper Checklists | Mock Tests Press the Icon & www.infosectrain.com

More Related