[email protected]
Search…
[email protected]
About Calvin Lai (fkclai)
My Work
Exploit/CVE PoC
ZeroLogon Exploit
Remote Retrieved Chrome saved Encrypted Password
Twitter Control an RCE attack
Hacking Report (HTB)
Hits & Summary
Windows Machine
Linux Machine
Penetration Testing Checklists
Web Application PenTest
Network/System PenTest
Mobile Application PenTest
Red Team (Windows)
01 Reconnaissance
02 Privileges Escalation
03 Lateral Movement
04 AD Attacks
05 Bypass-Evasion
06 Kerberos Attack
99 Basic Command
Exploitation Guide
01 Reconnaissance
02 Port Enumeration
03 Web Enumeration
04 Windows Enum & Exploit
05 File Enumeration
06 Reverse Shell Cheat Sheet
07 SQL Injection
08 BruteForce
09 XSS Bypass Checklist
10 Spring Boot
11 WPA
12 Payload list
Vuln Hub (Writeup)
MrRobot
CYBERRY
MATRIX 1
Node-1
DPwwn-1
DC7
AiWeb-2
AiWeb-1
BrainPan
CTF (Writeup)
Hacker One
CTF Learn
P.W.N. University - CTF 2018
HITCON
Pwnable
Useful Command/Tools
Windows
Linux
Offensive Security Lab & Exam
Lab
Powered By GitBook
Web Application PenTest

Information Gathering/Information Leakage

  • Identify the product information with the latest version
  • Outdated components or known vulnerability (CVE) found in the identified product
  • Access to the default URL or admin page of the identified product
  • Any opening port other than 80 and 443
  • Any sensitive data found on the website

Encryption

  • HTTPS is enabled and only TLS 1.2 or above is available
  • Correctness of the certification information
  • SSL Certificate strength, at least > 2048 bits
  • Weak Ciphers are supported

Authentication

  • Only use the POST HTTP method to transfer the login data
  • Possible to change the valid session with another user id during the login process
  • Browser back to resend the login
  • Possible to identify user id from the application response/behaviour
  • Cached in session key or cookie with login information / sensitive data
  • Default / guessable login credentials used
  • Implemented effective logout mechanism, e.g. invalidate the session and login required
  • Implemented session timeout, e.g. max of 1 hour if no business requirement.
  • Implemented CAPTCHA or other brute force attack prevention mechanism
  • Implemented account locking mechanism
  • Does not allow multiple logins

Authorization

  • Possible to obtain higher-level function access
  • Possible to obtain other user’s data
  • Is the site structure guessable and accessible
  • Vulnerable to Path Traversal attack

Password Management

  • What is the password policy
  • Allow change password
  • Implemented maximal length of password
  • Vulnerable to the reset password process

Session / Cookie Management

  • Session-Id stored in the cookie only
  • Vulnerable to the Session fixation or CSRF attack
  • Session-Id change after login
  • Session-Id guessable
  • The cookie session lifetime setting, expired when the browser is closed
  • Restricted the cookie access within the same domain, HTTP Only and secure flag enable

Data Validation

  • Input data are parsed or encoded for output
  • Implemented the server-side parsing mechanism
  • SSRF
  • Vulnerable to Injection of
o XSS (included: Reflected, Stored and DOM Based )
o SQL (included: Error, Union, Boolean and time base)
o XPath
o XML
o Command
o LDAP

Web Service API

  • Guessable of the API service call
  • Authentication required
  • Authorization implemented
  • All input validate on the server-side
  • All input/output data format is defined with validation control

Others check

  • Clickjacking
  • Frame Tampering
  • Invalidated redirects and forwards
  • Secure HTTP Respond Header setting
  • Error handling
  • File upload control
Previous
Tabby
Next - Penetration Testing Checklists
Network/System PenTest
Last modified 2mo ago
Copy link
Contents
Information Gathering/Information Leakage
Encryption
Authentication
Authorization
Password Management
Session / Cookie Management
Data Validation
Web Service API
Others check