WebHacking
Task Checklist
Recon and analysis
- Manual application discovery
- Automated discovery (subdomain takeover)
- Harvesting public information
Session management
- Session fixation
- Weak session token quality
- Weak session token management
- Weak logout
- Cross-site request forgery
- Weak CORS
- Session token protection
- No session timeout
- Session encryption (SSL/TLS)
Authentication
- Password strength enforcement
- Authentication bypass
- Unauthenticated URL access
- Password brute force
- Default account (admin)
Authorization
- Insecure authorization design
- Client-side-only authorization
- Variable manipulation
- Direct access to resources
- IDOR
Client side attacks
- Reflected XSS
- Stored XSS
- DOM-based XSS
- Wrong Content-Type
- HTTP header injection
- Malicious URL redirect
- Clickjacking
Miscellaneous tests
- LFI
- RFI
- XML external entity injection
- OS command injection
- SQL injection
- Malicious file upload
Information disclosure
- Backup files
- Leaking stack traces
- Comments
- Path disclosure
- Directory listing