Web App Pen testing Methodology
Step 1: Fingerprinting the Web Application Environment
Step 1.1: Perform Basic Website Footprinting, using Netcraft
Step 1.2: Manually Browse the Target Website
Step 1.3: Analyze the HTML source code
Step 1.4: Check HTTP and HTML processing by the Browser
Step 1.5: Perform Web Spidering
Step 1.6: Perform Search Engine Reconnaissance
Step 1.7: Determine Whether the Target is Load Balanced
Step 1.8: Determine Whether the Target is Protected, using a Web Application Firewall (WAF)
Step 1.9: Perform Banner Grabbing to Identify the Target Web Server
Step 1.10: Perform Web Server Fingerprinting, using HTTPRecon
Step 1.11: Perform Advanced Web Server Fingerprinting, using HTTPRecon
Step 1.12: Perform Service Discovery
Step 1.13: Identify Server-side Technology
Step 1.14: Identify the SiteMap of the Target Website
Step 2: Testing for Web Server Vulnerabilities
Step 2.1: Test for Default Credentials
Step 2.2: Test for Dangerous HTTP Methods
Step 2.3: Test for Proxy Functionality
Step 2.4: Test for Virtual Hosting Misconfiguration
Step 2.5: Test for Web Server software bugs
Step 2.6: Test for Server-Side Include Injection Attack
Step 3: Testing Configuration Management
Step 3.1: Test the Inner Workings of a Web Application
Step 3.2: Test the Database Connectivity
Step 3.3: Test the Application Code
Step 3.4: Test the Use of GET and POST in the Web Application
Step 3.5: Test for Improper Error Handling
Step 3.6: Identify Functionality
Step 3.7: Identify Entry Points for User Input
Step 3.8: Test for XSS
Step 3.9: Test for Parameter / Form Tampering
Step 3.10: Test for URL Manipulation
Step 3.11: Test for Hidden Field Manipulation Attack
Step 3.12: Perform Denial-of-Service Attack
Step 3.13: Check for Insufficient Transport Layer Protection
Step 3.14: Check for Weak SSL Ciphers
Step 3.15: Check for Insecure Cryptographic Storage
Step 3.16: Check for Unvalidated Redirects and Forwards
Step 4: Testing for client-side Vulnerabilities
Step 4.1: Test for Bad Data
Step 4.2: Test Transmission of Data via the client
Step 4.3: Test Client-side Controls over User Input
Step 4.4: Identify Client-side Scripting
Step 4.5: Test Thick-client Components
Step 4.6: Test ActiveX Controls
Step 4.7: Test Shockwave Flash Objects
Step 4.8: Check for Frame Injection
Step 4.9: Test with User Protection via Browser Settings
Step 5: Testing the Authentication Mechanism
Step 5.1: Understand the Mechanism
Step 5.2: Test Password Quality
Step 5.3: Test for Username Enumeration
Step 5.4: Test Resilience to Password Guessing
Step 5.5: Test Any Account Recovery Function and Remember Me Function
Step 5.6: Perform Password Brute-forcing
Step 5.7: Perform SessionID Prediction/Brute-forcing
Step 5.8: Perform Authorization Attack
Step 5.9: Perform HTTP Request Tampering
Step 5.10: Perform Authorization Attack - Cookie Parameter Tampering
Step 6: Testing Session Management Mechanism
Step 6.1: Understand the Mechanism
Step 6.2: Test Tokens for Meaning
Step 6.3: Session Token Prediction (Test Tokens for Predictability)
Step 6.4: Check for Insecure Transmission of Tokens
Step 6.5: Check for Disclosure of Tokens in Logs
Step 6.6: Check Mapping of Tokens to Sessions
Step 6.7: Test Session Termination
Step 6.8: Test for Session Fixation Attack
Step 6.9: Test for Session Hijacking
Step 6.10: Check for XSRF
Step 6.11: Check Cookie Scope
Step 6.12: Test Cookie Attacks
Step 7: Testing Authorization Controls
Step 7.1: Understand the Access Control Requirements
Step 7.2: Test with Multiple Accounts
Step 7.3: Test with Limited Access
Step 7.4: Test for Insecure Access Control Methods
Step 7.5: Test Segregation in Shared Infrastructures
Step 7.6: Test Segregation between ASP-hosted Applications
Step 8: Testing the Data Validation Mechanism
Step 8.1: Test for LDAP Injection
Step 9: Testing Web Services
Step 9.1: Test for XML Structure
Step 9.2: Test for XML Content-level
Step 9.3: Test for WS HTTP GET Parameters/REST Attacks
Step 9.4: Test for Suspicious SOAP Attachments
Step 9.5: Test for XPATH Injection Attack
Step 9.6: Test for WS Replay
Step 10: Testing for Logic Flaws
Step 10.1: Identify the Key Attack Surface
Step 10.2: Test for Logic Flaws
Step 10.3: Test Multistage Processes
Step 10.4: Test Handling of Incomplete Input
Step 10.5: Test Trust Boundaries
Step 10.6: Test Transaction Logic
Designed by: DoaiTran