Security testing checklist for application

1-Information gathering
  • Search engine discovery of the application.
  • Spiders, robots and web application crawlers.
  • Testing for application fingerprinting.
2-Configuration management
  • SSL/TLS testing.
  • Infrastructure configuration/interface.
  • Testing for file extensions.
  • Testing for HTTP methods.
3-Authentication testing
  • Testing for user enumeration.
  • Testing for guessable user accounts.
  • Brute force testing.
  • Testing for authentication bypass.
  • Testing for logout and browser cache management.
  • Testing for forgot and reset password functionality.
  • Testing for CAPTCHA.
4-Session testing
  • Testing for cookies.
  • Testing for session management.
  • Testing for CSRF.
5-Authorisation
  • Testing for path traversal.
  • Testing for authorisation bypass.
  • Testing for privilege escalation.
6-Business logic
  • Testing for business logic flaws.
  • Testing for reflected XSS.
  • Testing for stored XSS.
  • Testing for DOM-based XSS.
  • Testing for SQL injection.
  • Testing for cross site flashing.
7-Data validation testing
  • LDAP injection.
  • ORM injection.
  • SSI injection.
  • Code injection.
  • HTTP request smuggling.
8-Denial of service
  • Testing for SQL wildcard attacks.
  • Locking customer accounts.
  • Failure to release resources.
  • Storing too much data in session.
