
WebHacking

Task Checklist

Recon and analysis

  • [ ] Harvesting public information
  • [ ] Automated discovery
  • [ ] Automated application discovery

Session management

  • [ ] Session fixation
  • [ ] Weak session token quality
  • [ ] Weak session token management
  • [ ] Weak logout
  • [ ] Cross-site request forgery
  • [ ] Weak CORS
  • [ ] Session token protection
  • [ ] No session timeout
  • [ ] Session encryption (SSL/TLS)

Authentication

  • [ ] Password strength enforcement
  • [ ] Authentication bypass
  • [ ] Unauthenticated URL access
  • [ ] Password brute force
  • [ ] Default account (admin)

Authorization

  • [ ] Insecure authorization design
  • [ ] Client-side-only authorization
  • [ ] Variable manipulation
  • [ ] Direct access to resources
  • [ ] IDOR

Client side attacks

  • [ ] Reflected XSS
  • [ ] Stored XSS
  • [ ] DOM-based XSS
  • [ ] Wrong content-type
  • [ ] HTTP header injection
  • [ ] Malicious URL redirect
  • [ ] Clickjacking

Miscellaneous tests

  • [ ] LFI/RFI
  • [ ] SSRF
  • [ ] XML external entity injection
  • [ ] OS command injection
  • [ ] SQL injection
  • [ ] Malicious file upload

Information disclosure

  • [ ] Backup files
  • [ ] Leaking stack traces
  • [ ] Comments
  • [ ] Path disclosure
  • [ ] Directory listing

FAQ