Information Gathering
- Conduct Search Engine Discovery and Reconnaissance for Information Leakage
- Fingerprint Web Server ⭐
- Review Webserver Metafiles for Information Leakage ⭐
- Enumerate Applications on Webserver ⭐
- Review Webpage Comments and Metadata for Information Leakage ⭐
- Identify application entry points
- Map execution paths through application
- Fingerprint Web Application Framework ⭐
- Fingerprint Web Application
- Map Application Architecture

Configuration and Deploy Management Testing
- Test Network/Infrastructure Configuration
- Test Application Platform Configuration
- Test File Extensions Handling for Sensitive Information
- Review Old, Backup and Unreferenced Files for Sensitive Information
- Enumerate Infrastructure and Application Admin Interfaces ⭐
- Test HTTP Methods ⭐
- Test HTTP Strict Transport Security ⭐
- Test RIA Cross Domain Policy
- Test File Permission
- Test for Subdomain Takeover
- Test Cloud Storage

Identity Management Testing
- Test Role Definitions
- Test User Registration Process
- Test Account Provisioning Process
- Testing for Account Enumeration and Guessable User Account ⭐
- Testing for Weak or Unenforced Username Policy ⭐

Authentication Testing
- Testing for Credentials Transported over an Encrypted Channel
- Testing for Default Credentials
- Testing for Weak Lock Out Mechanism
- Testing for Bypassing Authentication Schema
- Testing for Vulnerable Remember Password
- Testing for Browser Cache Weaknesses
- Testing for Weak Password Policy
- Testing for Weak Security Question Answer
- Testing for Weak Password Change or Reset Functionalities
- Testing for Weaker Authentication in Alternative Channel

Authorization Testing
- Testing Directory Traversal File Include
- Testing for Bypassing Authorization Schema
- Testing for Privilege Escalation
- Testing for Insecure Direct Object References

Session Management Testing
- Testing for Session Management Schema
- Testing for Cookies Attributes
- Testing for Session Fixation
- Testing for Exposed Session Variables
- Testing for Cross Site Request Forgery
- Testing for Logout Functionality
- Testing Session Timeout
- Testing for Session Puzzling

Data Validation Testing
- Testing for Reflected Cross Site Scripting ⭐
- Testing for Stored Cross Site Scripting
- Testing for HTTP Verb Tampering ⭐
- Testing for HTTP Parameter Pollution ⭐
- Testing for SQL Injection
- Testing for Oracle
- Testing for MySQL
- Testing for SQL Server
- Testing PostgreSQL
- Testing for MS Access
- Testing for NoSQL Injection
- Testing for LDAP Injection
- Testing for ORM Injection
- Testing for XML Injection
- Testing for SSI Injection
- Testing for XPath Injection
- Testing for IMAP SMTP Injection
- Testing for Code Injection
- Testing for Local File Inclusion
- Testing for Remote File Inclusion
- Testing for Command Injection
- Testing for Format String Injection
- Testing for Incubated Vulnerability
- Testing for HTTP Splitting Smuggling
- Testing for HTTP Incoming Requests
- Testing for Client-side
- Testing for Host Header Injection
- Testing for Server-side Template Injection

Error Handling
- Testing for Improper Error Handling ⭐

Cryptography
- Testing for Weak Encryption ⭐
- Testing for Padding Oracle ⭐
- Testing for Sensitive Information Sent via Unencrypted Channels ⭐
- Testing for Weak Transport Layer Security ⭐

Business Logic Testing
- Test Business Logic Data Validation
- Test Ability to Forge Requests ⭐
- Test Integrity Checks
- Test for Process Timing ⭐
- Test Number of Times a Function Can Be Used Limits ⭐
- Testing for the Circumvention of Work Flows ⭐
- Test Defenses Against Application Misuse ⭐
- Test Upload of Unexpected File Types
- Test Upload of Malicious Files

Client Side Testing
- Testing for DOM-Based Cross Site Scripting ⭐
- Testing for JavaScript Execution
- Testing for HTML Injection
- Testing for Client-side URL Redirect
- Testing for CSS Injection
- Testing for Client-side Resource Manipulation
- Testing Cross Origin Resource Sharing
- Testing for Cross Site Flashing
- Testing for Clickjacking
- Testing WebSockets
- Testing Web Messaging
- Testing Browser Storage
- Testing for Cross Site Script Inclusion