🔰Basic Web Application Testing Checklist for Beginners🔰
Hi,
In this article you will find a basic checklist to start with Web Application Testing. There are many more vulnerability classes than these, and they will be added in future posts. Here is the basic Web Application Vulnerability checklist for absolute beginners.
Click-jacking
Plain-text communication
Weak or missing password hashing
Email Address Disclosure
Cookies without HttpOnly flag
Cookies without Secure attribute
HTTP OPTIONS method enabled (dangerous verbs such as TRACE, PUT, DELETE advertised)
HTTP verb tampering (method interchange, e.g. GET swapped for POST)
Default server page disclosure
Server version disclosure
Trace.axd (ASP.NET trace handler) exposed
Robots.txt, Sitemap.xml
Application error
Improper error handling
File path disclosure
IP address disclosure
Sensitive information disclosure
Sensitive information in URL
Autocomplete enabled
Session Fixation
Weak Session Management
Session not invalidated after logout
Session Hijacking
Concurrent sessions allowed (multi-login)
Session Token in URL
Session Timeout
Unrestricted file upload
Insecure direct object reference
Insecure Download
Unauthorized access
Change password feature missing
Change password without old password
Absence of complex / Weak password policy
HTML5 cross-origin (CORS) misconfiguration
Authorization Bypass
Weak encoding / encryption
Parameter Manipulation
Directory Listing, Indexing
Cacheable HTTPS responses
Default credentials
Default / admin page disclosure
Test page
Missing anti-automation controls (CAPTCHA, rate limiting)
Blind SQL injection
HTML injection
Unvalidated redirects and forwards
OTP bypass
Cross-domain referrer leakage
CSRF – Cross Site Request Forgery
XSS – Cross Site Scripting
SQL injection
Brute force
Account Lockout
Sensitive information in source code
User enumeration
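Several items on this list (clickjacking, plain-text communication, cookies without HttpOnly or Secure, server version disclosure, dangerous HTTP methods, cacheable HTTPS) can be spotted passively from a single captured response before any active testing. The script below is an added example for this post, not code from the original author: it parses a raw HTTP response (the two sample responses are constructed, not captured from any real site) and reports which checklist items it hits. The header names and regex are standard; the finding labels and the `https` flag are my own choices.

```python
"""Passive header checks for a few items on the beginner web-app checklist.

Added example: feed it a raw HTTP/1.x response (e.g. copied from a proxy)
and it returns (checklist_item, detail) pairs. It does not send any traffic.
"""
import re

# Verbs whose presence in an OPTIONS response's Allow header deserves a finding.
DANGEROUS_METHODS = {"TRACE", "PUT", "DELETE"}


def parse_response(raw):
    """Parse a raw HTTP/1.x response into (status_line, headers).

    headers maps lower-cased names to a list of values, because Set-Cookie
    may legitimately appear several times in one response.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip malformed header lines rather than crash
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def cookie_attrs(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names) for one Set-Cookie."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def check_response(raw, https=True):
    """Run the passive checks; https=True enables the TLS-only findings."""
    _, h = parse_response(raw)
    findings = []

    # Clickjacking: neither X-Frame-Options nor a CSP frame-ancestors directive.
    csp = " ".join(h.get("content-security-policy", [])).lower()
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append(("Clickjacking", "no X-Frame-Options and no CSP frame-ancestors"))

    # Plain-text communication: without HSTS the browser will still try http://.
    if https and "strict-transport-security" not in h:
        findings.append(("Plain-text communication", "Strict-Transport-Security missing"))

    # Cookie flags, one finding per offending cookie.
    for value in h.get("set-cookie", []):
        name, attrs = cookie_attrs(value)
        if "httponly" not in attrs:
            findings.append(("Cookies without HttpOnly", name))
        if https and "secure" not in attrs:
            findings.append(("Missing Secure attribute", name))

    # Version disclosure: a dotted version number in a product banner header.
    for hdr in ("server", "x-powered-by", "x-aspnet-version"):
        for value in h.get(hdr, []):
            if re.search(r"\d+\.\d+", value):
                findings.append(("Server version disclosure", f"{hdr}: {value}"))

    # Dangerous verbs advertised in the Allow header (typically from OPTIONS).
    allowed = {m.strip().upper() for v in h.get("allow", []) for m in v.split(",")}
    bad = sorted(allowed & DANGEROUS_METHODS)
    if bad:
        findings.append(("Dangerous HTTP methods enabled", ", ".join(bad)))

    # Cacheable HTTPS: sensitive pages should carry Cache-Control: no-store.
    if https:
        cc = " ".join(h.get("cache-control", [])).lower()
        if "no-store" not in cc:
            findings.append(("Cacheable HTTPS", f"Cache-Control: {cc or '(absent)'}"))

    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: Apache/2.4.29 (Ubuntu)",
    "X-Powered-By: PHP/7.2.24",
    "Set-Cookie: PHPSESSID=3f9a1c7e; Path=/",
    "Set-Cookie: prefs=dark; Path=/; HttpOnly",
    "Allow: GET, HEAD, POST, OPTIONS, TRACE",
    "Content-Type: text/html; charset=UTF-8",
    "",
    "<html><body>hello</body></html>",
])

HARDENED_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: Apache",
    "Strict-Transport-Security: max-age=31536000; includeSubDomains",
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options: DENY",
    "Set-Cookie: session=8c2e0b41; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Cache-Control: no-store",
    "Allow: GET, HEAD, POST, OPTIONS",
    "Content-Type: text/html; charset=UTF-8",
    "",
    "<html><body>hello</body></html>",
])

if __name__ == "__main__":
    for item, detail in check_response(WEAK_RESPONSE):
        print(f"[!] {item}: {detail}")
    print("hardened:", check_response(HARDENED_RESPONSE))
```

Paste a response captured from your proxy into `check_response` and confirm each reported item by hand; a passive check tells you where to look, it does not prove exploitability (a missing X-Frame-Options on a page with no state-changing actions is a low finding, not a clickjacking vulnerability).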
➖ @DarkDenial ➖