Web Application Penetration Test Checklist | Part - 01
source link: https://dev.to/rahulmishra05/web-application-penetration-test-checklist-part-01-4bf
In this article I am going to share a checklist which you can use when you are doing a penetration test on a website; you can also use this list as a reference in bug bounties. This is a beginner-friendly list, so beginners can use it for reference.
Before starting the list I want to make something clear: before you start using this list for finding bugs/vulnerabilities, make sure that you have already completed the first step, which is *Reconnaissance*. Otherwise you will find it hard to find bugs/vulnerabilities.
You are not a genius! Remember this, so if you don't understand something just Google it and do some research. I also don't know everything and there could be things that I have missed, so don't worry and keep learning.
General things to do
- Create 2 accounts on the same website if it has login functionality. You can use this extension to use the same browser for creating different accounts on the same website.
- Try directory brute forcing using tools like Dirsearch, Feroxbuster or Ffuf; some directory may reveal sensitive information.
Login page
- Session expiration
- Improper session validation
OAuth bypass (this covers features like login with Google, Microsoft, Instagram or any other provider)
- OAuth token stealing
- Authentication bypass
- Privilege escalation
Registration page
- XML file upload using SVG (if the website asks for document upload or profile picture upload, then you can try this)
- Bypassing limitations on file types allowed for upload (if they only allow jpg and png, then try to upload .php or .py)
- Bypassing mobile or email verification
- Brute forcing the OTP sent
- Try inserting an XSS payload wherever possible (if you can enter a payload in the first name/last name/address text boxes, make sure to do so, because sometimes it is reflected somewhere else or it may be stored XSS).
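The upload items above are probing for missing server-side checks. As an added example (not from the article, and not any project's code), the validator below enforces an extension allowlist, rejects double extensions like `shell.php.jpg`, requires the file content to match the declared type by its leading bytes, and refuses SVG/XML content regardless of the name; the allowlist and signatures are assumed values for a jpg/png-only site.

```python
import os

# Assumed allowlist: extension -> acceptable leading bytes ("magic numbers").
ALLOWED_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file.

    The checks are ordered so that the reason names the first failing rule,
    which is useful when logging rejected uploads.
    """
    # Drop any path components the client sent (../../x.jpg -> x.jpg).
    base = os.path.basename(filename)
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False, "missing extension"
    if len(parts) > 2:
        # Double extensions (avatar.php.jpg) are rejected outright rather
        # than interpreted, since servers disagree on which one counts.
        return False, "multiple extensions not allowed"
    ext = parts[-1]
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension .{ext} not allowed"

    # SVG is XML: reject XML/SVG markup even when the name says jpg/png,
    # before the signature check so the reason is explicit.
    head = data[:512].lstrip().lower()
    if head.startswith(b"<?xml") or b"<svg" in head:
        return False, "xml/svg content rejected"

    # The content must actually look like the declared image type.
    if not any(data.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return False, "content does not match extension"

    # Store under a server-generated name (e.g. a UUID) plus the validated
    # extension; never reuse the client-supplied filename on disk.
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples, not real uploads.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print(validate_upload("photo.jpg", jpeg))
    print(validate_upload("avatar.php.jpg", jpeg))
    print(validate_upload("logo.png", b"<?xml version='1.0'?><svg/>"))
```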
Forgot password page
- Password reset poisoning (done in a similar way to host header injection)
- Check whether the reset token/link expires (some programs pay for this)
- Reset token leaks (this can happen when a website interacts with third-party services; at that point the password reset token may be sent in the Referer header and leak)
- Check for sub-domain takeover.
- Check whether an older version of a service is being used by your target, and if so, try to find an existing exploit for it.
So this was all about some basic things to check while doing a penetration test on a website or in a bug bounty program. I hope you liked it and learned something new from it.
If you have any doubts or questions related to this topic, or just want to share something with me, then please feel free to contact me.