WEB APP PENTESTING CHECKLIST

This OWASP-based checklist was developed to include additional useful details and techniques for modern application assessments (always in progress).

An in-depth Excel version of the checklist is also available for download here:

Scope configuration:

Non-greedy match: .*?website.com$

INFORMATION GATHERING

Open Source Reconnaissance - WSTG-INFO-01

Fingerprinting Web Server - WSTG-INFO-02

Looking For Metafiles - WSTG-INFO-03

Enumerating Web Server’s Applications - WSTG-INFO-04

Review The Web Contents - WSTG-INFO-05

Identifying Application’s Entry Points - WSTG-INFO-06

Mapping Execution Paths - WSTG-INFO-07

Fingerprint Web Application Framework - WSTG-INFO-08, WSTG-INFO-09 (Merged)

Map Application Architecture - WSTG-INFO-10


CONFIGURATION & DEPLOYMENT MANAGEMENT TESTING

Test Network Configuration - WSTG-CONF-01

Test Application Configuration - WSTG-CONF-02

Test File Extension Handling - WSTG-CONF-03

Review Backup & Unreferenced Files - WSTG-CONF-04

Enumerate Infrastructure & Admin Interfaces - WSTG-CONF-05

Testing HTTP Methods - WSTG-CONF-06

Test HSTS - WSTG-CONF-07

Test RIA Cross Domain Policy - WSTG-CONF-08

Test File Permission - WSTG-CONF-09

Test For Subdomain Takeover - WSTG-CONF-10

Test Cloud Storage - WSTG-CONF-11

Testing for Content Security Policy - WSTG-CONF-12

Test Path Confusion - WSTG-CONF-13


IDENTITY MANAGEMENT TESTING

Test Role Definitions - WSTG-IDNT-01

Test User Registration Process - WSTG-IDNT-02

Test Account Provisioning Process - WSTG-IDNT-03

Testing For Account Enumeration - WSTG-IDNT-04

Test For Weak Username Policy - WSTG-IDNT-05


AUTHENTICATION TESTING

Test For Un-Encrypted Channel - WSTG-ATHN-01

Test For Default Credentials - WSTG-ATHN-02

Test For Weak Lockout Mechanism - WSTG-ATHN-03

Test For Bypassing Authentication Schema - WSTG-ATHN-04

Test For Vulnerable Remember Password - WSTG-ATHN-05

Test For Browser Cache Weakness - WSTG-ATHN-06

Test For Weak Password Policy - WSTG-ATHN-07

Testing For Weak Security Questions - WSTG-ATHN-08

Test For Weak Password Reset Function - WSTG-ATHN-09

Test For Weak Password Change Function - WSTG-ATHN-09

Test For Weak Authentication In Alternative Channel - WSTG-ATHN-10


AUTHORIZATION TESTING

Testing Directory Traversal File Include - WSTG-ATHZ-01

Testing Traversal With Encoding -

Testing Traversal With Different OS Schemes -

Test Other Encoding Techniques

Test Authorization Schema Bypass - WSTG-ATHZ-02

Test For Privilege Escalation - WSTG-ATHZ-03

Test For Insecure Direct Object Reference - WSTG-ATHZ-04

Testing for OAuth Weaknesses - WSTG-ATHZ-05


SESSION MANAGEMENT TESTING

Test For Session Management Schema - WSTG-SESS-01

Test For Cookie Attributes - WSTG-SESS-02

Test For Session Fixation - WSTG-SESS-03

Test For Exposed Session Variables - WSTG-SESS-04

Test For Back Refresh Attack

Test For Cross Site Request Forgery - WSTG-SESS-05

Test For Weak Logout Functionality - WSTG-SESS-06

Test For Session Timeout - WSTG-SESS-07

Test For Session Puzzling - WSTG-SESS-08

Test For Session Hijacking - WSTG-SESS-09

Testing JSON Web Tokens - WSTG-SESS-10


INPUT VALIDATION TESTING

Test For Reflected Cross Site Scripting - WSTG-INPV-01

Test For Stored Cross Site Scripting - WSTG-INPV-02

Test For HTTP Parameter Pollution - WSTG-INPV-04

Test For SQL Injection - WSTG-INPV-05

Test For LDAP Injection - WSTG-INPV-06

Testing For XML Injection - WSTG-INPV-07

Test For Server Side Includes - WSTG-INPV-08

Test For XPATH Injection - WSTG-INPV-09

Test For IMAP SMTP Injection - WSTG-INPV-10

Test For Code Injection - WSTG-INPV-11

Test For Local File Inclusion

Test For Remote File Inclusion

Test for Command Injection - WSTG-INPV-12

Test For Format String Injection - WSTG-INPV-13

Testing for Incubated Vulnerability - WSTG-INPV-14

Testing for HTTP Splitting Smuggling - WSTG-INPV-15

Testing for HTTP Incoming Requests - WSTG-INPV-16

Test For Host Header Injection - WSTG-INPV-17

Test For Server Side Template Injection - WSTG-INPV-18

Test For Server Side Request Forgery - WSTG-INPV-19

Testing for Mass Assignment - WSTG-INPV-20


ERROR HANDLING TESTING

Test For Improper Error Handling - WSTG-ERRH-01


WEAK CRYPTOGRAPHY TESTING

Test For Weak Transport Layer Security - WSTG-CRYP-01