Penetration testing is the process of testing software by trained security experts in order to find its security vulnerabilities. For more information, visit: https://hackercombat.com/go-web-application-penetration-testing-checklist/
What Should Go Into A Web Application Penetration Testing Checklist?
1. WHAT SHOULD GO INTO A WEB APPLICATION PENETRATION TESTING CHECKLIST?
2. WHAT IS PENETRATION TESTING?
Penetration testing is the process of testing software by trained security experts in order to find its security vulnerabilities.
3. Let's take a look at some of the elements every web application penetration testing checklist should contain, in order for the penetration testing process to be really effective.
4. CONTACT FORM TESTING (01)
The entry point for spammers is often a web application's contact form.
5. PROXY SERVER(S) TESTING (02)
A proxy server plays a huge role in scrutinizing the traffic to your web application and pointing out any malicious activity.
6. SPAM EMAIL FILTER TESTING (03)
Check that spam email filters are functioning properly, filtering incoming and outgoing traffic and blocking unsolicited emails.
7. NETWORK FIREWALL TESTING (04)
Check that the firewall is preventing undesirable traffic from entering your web application.
8. SECURITY VULNERABILITY TESTING (05)
Check the various aspects associated with your web application and network devices, and make a list of the security vulnerabilities they pose.
9. CREDENTIAL ENCRYPTION TESTING (06)
Ensure all usernames and passwords are encrypted and transferred over a secure HTTPS connection.
10. COOKIE TESTING (07)
Cookies store data related to user sessions. If this information is exposed to hackers, the security of many users who visit your website will be easily compromised.
11. TESTING FOR OPEN PORTS (08)
Open ports on the web server on which your web application is hosted also present a good opportunity for hackers to exploit your web application's security.
12. APPLICATION LOGIN PAGE TESTING (09)
Ensure your web application locks itself after a specific number of unsuccessful login attempts.
13. ERROR MESSAGE TESTING (10)
Ensure all your error messages are generic and do not reveal too much about the problem.
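One way to make error messages generic without losing the detail the operator needs, added as an example that is not from the deck: unexpected exceptions are logged server-side with a reference id, and the client receives only that id. The handler, the reference-id scheme and the keyword list in the tester's check are assumptions made for illustration.

```python
"""Generic client-facing errors, detailed server-side logs.

Added example (not from the original deck). The exception classes, the
reference-id format and the "secrets" keyword list are illustrative choices.
"""
import logging
import uuid

log = logging.getLogger("app.errors")


class NotFound(Exception):
    """An expected condition: safe to describe to the client."""


def handle_error(exc: Exception) -> tuple:
    """Map an exception to (HTTP status, JSON body) without echoing internals."""
    if isinstance(exc, NotFound):
        return 404, {"error": "Resource not found"}
    # Anything else is unexpected: keep the detail in the log, hand the client a reference id
    ref = uuid.uuid4().hex[:12]
    log.error("unhandled error ref=%s: %r", ref, exc)
    return 500, {"error": "An internal error occurred", "reference": ref}


def is_generic(body: dict, secrets=("traceback", "/var/", "password", "select ", "exception")) -> bool:
    """Tester's check on a captured response body: none of these fragments may appear."""
    text = " ".join(str(v) for v in body.values()).lower()
    return not any(s in text for s in secrets)


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    status, body = handle_error(RuntimeError("db refused: SELECT * FROM users at /var/app/db.py"))
    print(status, body, "generic:", is_generic(body))
```

Run `is_generic` over the bodies of deliberately triggered 4xx/5xx responses during the test; a failure points at a handler that leaks.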
14. HTTP METHOD(S) TESTING (11)
Review the HTTP methods your web application uses to interact with your clients.
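The defensive side of the HTTP method review, added as an example (not the deck's own material): a small WSGI middleware that allows only the methods each route actually needs, answers OPTIONS from the same allowlist so the Allow header is truthful, and never forwards TRACE or anything else not on the list. The route table, the wrapped application and the constructed requests are assumptions.

```python
"""Per-route HTTP method allowlist enforced at the WSGI layer.

Added example (not from the original deck). ALLOWED_METHODS, the placeholder
app and the requests in the demo are constructed for illustration.
"""
from io import BytesIO

# Assumed route table: the methods each path legitimately needs.
ALLOWED_METHODS = {
    "/": {"GET", "HEAD"},
    "/login": {"GET", "POST"},
    "/api/items": {"GET", "POST"},
}


def app(environ, start_response):
    """Stand-in for the real application; only reached for allowed methods."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def method_filter(inner):
    """405 for methods a route does not need, 404 for unknown paths.
    OPTIONS is answered here so Allow mirrors the allowlist; TRACE, PUT, DELETE
    and friends are rejected before the application ever sees them."""
    def wrapped(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        method = environ.get("REQUEST_METHOD", "GET").upper()
        allowed = ALLOWED_METHODS.get(path)
        if allowed is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        allow_header = ", ".join(sorted(allowed | {"OPTIONS"}))
        if method == "OPTIONS":
            start_response("204 No Content", [("Allow", allow_header)])
            return [b""]
        if method not in allowed:
            start_response("405 Method Not Allowed", [("Allow", allow_header)])
            return [b"method not allowed"]
        return inner(environ, start_response)
    return wrapped


def call(application, method, path):
    """Minimal in-process WSGI client: returns (status, headers, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "wsgi.input": BytesIO(b"")}
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(application(environ, start_response))
    return captured["status"], captured["headers"], body


secured = method_filter(app)

if __name__ == "__main__":
    for m, p in [("GET", "/"), ("TRACE", "/"), ("PUT", "/api/items"), ("OPTIONS", "/login")]:
        print(f"{m:8}{p:12}-> {call(secured, m, p)[0]}")
```

During the review, compare the Allow header each route returns with what the application actually implements; any method on the list that nobody can explain is a finding.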
15. USERNAME AND PASSWORD TESTING (12)
Test all the usernames/passwords in use on your web application.
16. FILE SCANNING (13)
Ensure all files you upload to your web application or server are duly scanned before they are uploaded.
17. SQL INJECTION TESTING (14)
SQL injection is one of the most popular methods employed by hackers when it comes to exploiting web applications and websites.
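What the SQL injection test is looking for, shown on the smallest possible target. This is an added example, not code from the deck: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite table of constructed rows so the difference is observable offline. The table, the rows and the probe string are assumptions.

```python
"""The same lookup two ways: string-built SQL versus a parameterized query.

Added example (not from the original deck). Runs against an in-memory SQLite
table with constructed rows; PROBE is the textbook tautology every scanner tries.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, username: str):
    """The 'before' form: user input is pasted into the SQL text, so it can change the query."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str):
    """The hardened form: the driver binds the value; it is data, never SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed test input: turns the WHERE clause into a tautology in the vulnerable form.
PROBE = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", find_user_vulnerable(conn, PROBE))   # every row comes back
    print("safe:      ", find_user_safe(conn, PROBE))         # no user has that literal name
```

The vulnerable form returns all three rows for the probe; the parameterized form returns none, because SQLite compares the whole string against the column. That contrast is exactly the signal a tester looks for, and the fix is the one-line change between the two functions.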
18. XSS TESTING (15)
Also, ensure your web application resists cross-site scripting (XSS) attacks.
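The control the XSS test exercises is output encoding chosen for the context the value lands in. The block below is an added example, not from the deck: an unescaped and an escaped rendering of a constructed comment, plus a parser-based check that only the template's own tags and no event-handler attributes appear in the output. The comment data, the template and the allowed-tag list are assumptions.

```python
"""Context-aware output encoding and a parser-based check of the rendered result.

Added example (not from the original deck). COMMENT is constructed untrusted
input; the template and the allowed-tag list are illustrative.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed untrusted input: every field carries markup or a script URL.
COMMENT = {
    "author": '"><img src=x onerror=alert(1)>',
    "text": "<script>alert('xss')</script> hello",
    "site": "javascript:alert(1)",
}


def encode_text(value: str) -> str:
    """Text-node and quoted-attribute contexts: escape & < > \" '."""
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """URL context: only http(s) links survive, percent-encoded; anything else becomes '#'."""
    if not re.match(r"^https?://", url, re.IGNORECASE):
        return "#"
    return quote(url, safe=":/?&=#%")


def render_unsafe(c: dict) -> str:
    """The 'before' form: values are interpolated verbatim."""
    return f'<div class="comment" data-author="{c["author"]}"><a href="{c["site"]}">{c["author"]}</a>: {c["text"]}</div>'


def render_safe(c: dict) -> str:
    """The hardened form: each value is encoded for the context it is placed in."""
    return (
        f'<div class="comment" data-author="{encode_text(c["author"])}">'
        f'<a href="{safe_href(c["site"])}">{encode_text(c["author"])}</a>: '
        f'{encode_text(c["text"])}</div>'
    )


class TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(k for k, _ in attrs)


def markup_is_expected(rendered: str, allowed_tags=("div", "a")) -> bool:
    """Tester's check: parse the output; only the template's tags may appear and
    no on* attribute may have been introduced by user data."""
    p = TagCollector()
    p.feed(rendered)
    return all(t in allowed_tags for t in p.tags) and not any(a.startswith("on") for a in p.attrs)


if __name__ == "__main__":
    for label, out in (("unsafe", render_unsafe(COMMENT)), ("safe", render_safe(COMMENT))):
        print(f"{label}: expected markup only = {markup_is_expected(out)}\n  {out}")
```

The parser check is stricter than a substring search: escaped text such as `onerror=` inside a text node is harmless and passes, while a real injected `<img onerror=...>` fails.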
20. USER SESSION TESTING (17)
Ensure that user sessions end upon log off.
21. BRUTE FORCE ATTACK TESTING (18)
Using appropriate testing tools, ensure your web application stays safe against brute force attacks.
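Slides 12, 20 and 21 describe three checks on one piece of code: the login handler. Added here as an example that is not the deck's own, a minimal authentication service that locks an account after a fixed number of consecutive failures (the brute-force control the login-page test looks for), issues server-side sessions, and revokes them on logout so a replayed cookie fails. The user store, the thresholds, the PBKDF2 parameters and the injectable clock are assumptions chosen for illustration.

```python
"""Login lockout after repeated failures and server-side session revocation on logout.

Added example (not from the original deck) covering slides 12, 20 and 21.
Thresholds, the user store and the clock parameter are illustrative choices.
"""
import hashlib
import hmac
import os
import secrets
import time

MAX_FAILURES = 5         # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 900    # keep it locked for 15 minutes
SESSION_TTL = 3600       # seconds a session stays valid without logout


def hash_password(password: str, salt: bytes = b""):
    """Salted PBKDF2-HMAC-SHA256; iteration count kept modest so the demo runs quickly."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self, users: dict, clock=time.time):
        self.users = users          # username -> (salt, digest)
        self.clock = clock          # injectable so tests can advance time
        self.failures = {}          # username -> (consecutive failures, time of last failure)
        self.sessions = {}          # token -> (username, expiry)

    def is_locked(self, username: str) -> bool:
        count, last = self.failures.get(username, (0, 0))
        return count >= MAX_FAILURES and self.clock() - last < LOCKOUT_SECONDS

    def login(self, username: str, password: str):
        """Return a session token, or None. A locked account fails even with the right password."""
        if self.is_locked(username):
            return None
        salt, digest = self.users.get(username, (b"", b""))
        # Hash even for unknown users so the response time does not reveal which names exist
        _, attempt = hash_password(password, salt or b"\x00" * 16)
        if username not in self.users or not hmac.compare_digest(attempt, digest):
            count, _ = self.failures.get(username, (0, 0))
            self.failures[username] = (count + 1, self.clock())
            return None
        self.failures.pop(username, None)               # success resets the counter
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, self.clock() + SESSION_TTL)
        return token

    def validate(self, token: str):
        """Return the username for a live session, else None (expired sessions are purged)."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if self.clock() >= expiry:
            self.sessions.pop(token, None)
            return None
        return username

    def logout(self, token: str) -> None:
        """Drop the server-side record; the cookie value alone is now worthless."""
        self.sessions.pop(token, None)


def demo_users() -> dict:
    """Constructed user store with a single account."""
    return {"alice": hash_password("correct horse battery staple")}


if __name__ == "__main__":
    svc = AuthService(demo_users())
    for _ in range(MAX_FAILURES):
        svc.login("alice", "wrong")
    print("locked after repeated failures:", svc.is_locked("alice"))
    print("right password while locked:", svc.login("alice", "correct horse battery staple"))
```

A tester verifies the same three properties from the outside: repeated wrong passwords lead to a lockout, a logged-out session cookie is rejected on replay, and a session expires on its own after the configured lifetime.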
22. DOS (DENIAL OF SERVICE) ATTACK TESTING (19)
Also ensure your web application stays safe against DoS (Denial of Service) attacks by using appropriate testing tools.
23. DIRECTORY BROWSING (20)
Ensure directory browsing is disabled on the web server which hosts your web application.