Web Application Penetration Testing Checklist – A Detailed Cheat Sheet
What is Web Application Penetration Testing?
Web Application Pen testing is a method of identifying, analyzing and Report the vulnerabilities which exist on the Web application including buffer overflow, input validation, code Execution, Bypass Authentication, SQL Injection, CSRF, and Cross Site Scripting (XSS) in the target web Application that is given for Penetration Testing.
Repeat testing and conduct a series of methods. One of the best methods is to conduct penetration testing for all kinds of web application vulnerabilities.
- Retrieve and Analyze the robot.txt files by using a tool called GNU Wget.
- Examine the version of software.database Details, the error technical component, bugs by the error codes by requesting invalid pages.
- Implement the techniques such as DNS inverse queries, DNS zone Transfers, web based DNS Searches.
- Perform Directory style Searching and vulnerability scanning, Probe for URLs, using tools such as NMAP and Nessus.
- Identify the Entry point of the application using OWSAP ZAP, Burb Proxy, TemperIE, WebscarabTemper Data.
- By using traditional Fingerprint Tool such as Nmap, Amap, perform TCP/ICMP and service Fingerprinting.
- By Requesting Common File Extension such as .ASP, .EXE, .HTML, .PHP ,Test for recognized file types/Extensions/Directories.
- Examine the Sources code From the Accessing Pages of the Application front end.
- Check if it is possible to “reuse” the session after Logout.also check if the application automatically logs out a user has idle for a certain amount of time.
- Check whether any sensitive information Remain Stored stored in browser cache.
- Check and try to Reset the password, by social engineering crack secretive questions and guessing.
- check if the “Remember my password” Mechanism is implemented by checking the HTML code of the login page.
- Check if the hardware devices directly communicate and independently with authentication infrastructure using additional communication channel.
- Test CAPTCHA for authentication vulnerabilities presented or not.
- Check whether any weak security questions/Answer are presented.
- Test the Role and Privilege Manipulation to Access the Resources.
- Test For Path Traversal by Performing input Vector Enumeration and analyze the input validation functions presented in the web application.
- Test for cookie and parameter Tempering using web spider tools.
- Test for HTTP Request Tempering and check whether gain illegal access to reserved resources.
Configuration Management Testing
- Check directory and File Enumeration review server and application Documentation. also, check the infrastructure and application admin interfaces.
- Analyze the Web server banner and Performing network scanning.
- Check and verify the presence of old Documentation and Backup and referenced files such as sources codes, passwords, installation paths.
- check and identify the ports associated with the SSL/TLS services using NMAP and NESSUS.
- Review OPTIONS HTTP method using Netcat and Telnet.
- Test for HTTP methods and XST for credentials of legitimate users.
- Perform application configuration management test to review the information of the source code, log files and default Error Codes.
Session Management Testing
- Check the URL’s in the Restricted area to Test for Cross Site Request Forgery.
- Test for Exposed Session variables by inspecting Encryption and reuse of session token, Proxies and caching, GET&POST.
- Collect a sufficient number of cookie samples and analyze the cookie sample algorithm and forge a valid Cookie in order to perform an Attack.
- Test the cookie attribute using intercept proxies such as Burb Proxy, OWASP ZAP, or traffic intercept proxies such as Temper Data.
- Test the session Fixation, to avoid seal user session.(session Hijacking )
Data Validation Testing
- Perform Union Query SQL injection testing, standard SQL injection Testing, blind SQL querY Testing, using tools such as SQLninja, SQLdumper, SQL power injector .etc.
- Analyze the HTML Code, Test for stored XSS, leverage stored XSS using tools such as XSS proxy, Backframe, Burb, XSS Assistant.
- Perform LDAP injection testing for sensitive information about users and hosts.
- Perform IMAP/SMTP injection Testing for Access the Backend Mail server.
- Perform XPATH Injection Testing for Accessing the confidential information
- Perform XML injection testing to know information about XML Structure.
- Perform Code injection testing to identify input validation Error.
- Perform Buffer Overflow testing for Stack and heap memory information and application control flow.
- Test for HTTP Splitting and smuggling for cookies and HTTP redirect information.
Denial of Service Testing
- Send Any Large number of Requests that perform database operations and observe any Slowdown and New Error Messages.
- Perform manual source code analysis and submit a range of input varying lengths to the applications
- Test for SQL wildcard attacks for application information testing.
- Test for User specifies object allocation whether a maximum number of object that application can handle.
- Enter Extreme Large number of the input field that used by the application as a Loop counter.
- Use a script to automatically submit an extremely long value for severing the request.