search

CyberDeathSicko / Web-Application-Security-Checklist

GNU General Public License v3.0
0 stars 1 forks source link

readme

Web Application Security Testing Checklist

Welcome to the Web Application Security Testing Checklist repository. This checklist serves as a comprehensive guide for ensuring the security of your web applications. Whether you're a seasoned professional or just starting, use this checklist to navigate through various security testing aspects.

Recon on Wildcard Domain
Subdomain Enumeration - Leverage tools like amass, subfinder, assetfinder, dnsgen, and massdns. - Utilize diverse wordlists and permutations for subdomain discovery. - Scrutinize DNS records for wildcard entries and potential subdomains.
SSL/TLS Certificate Analysis - Use CT logs (crt.sh) for certificate transparency. - Examine wildcard certificates, including expiration dates and issuer details.
Search Engine Dorking - Conduct targeted Google searches with advanced operators for subdomain discovery. - Utilize tools like Shodan and ZoomEye for exposed services.
Web Archives - Utilize the Wayback Machine to view historical files like robots.txt and URLs.
Network Information
BGP Lookup - Use BGP Lookup tools like bgp.he.net for checking IP target information. - Perform DNS-related checks using tools like DNSDumpster and DigWebInterface.
Subdomain Takeover - Utilize tools like Can I Take Over XYZ to check for subdomain takeover opportunities.
Passive Reconnaissance - Use Google Dorks for reconnaissance with advanced search operators. - Leverage threat intelligence gathering tools like theHarvester. - Perform WHOIS Lookup to gather domain registration information. - Analyze robots.txt for insights into the site's structure. - Spider the website for URLs using tools like gobuster. - Conduct DNS Enumeration using tools like dnsrecon.
Active Reconnaissance - Conduct advanced port scanning using Nmap. - Perform service fingerprinting with banner grabbing. - Utilize network sniffing fingerprinting using Nmap scripts. - Check for subdomain takeover using tools like subjack. - Scan the web application using tools like nikto and gobuster. - Conduct SSL/TLS vulnerability checks with testssl.sh. - Verify HTTP security headers using gobuster.
Bug Testing
Injection Vulnerabilities - Test for SQL injection vulnerabilities. - Check for OS command injection vulnerabilities. - Assess LDAP injection vulnerabilities.
Cross-Site Scripting (XSS) - Test for reflected XSS vulnerabilities. - Check for stored XSS vulnerabilities. - Assess DOM-based XSS vulnerabilities.
Cross-Site Request Forgery (CSRF) - Test for CSRF vulnerabilities. - Verify the effectiveness of CSRF protection mechanisms.
Security Misconfigurations - Check for exposed sensitive information. - Test for default credentials on administrative interfaces. - Verify secure configuration of cloud services.
Insecure Direct Object References (IDOR) - Test for IDOR vulnerabilities. - Verify that users cannot access unauthorized resources.
Server-Side Request Forgery (SSRF) - Test for SSRF vulnerabilities. - Verify that the application filters or blocks malicious requests.
File Upload Security - Test for unrestricted file uploads. - Check for proper validation of file types and content. - Verify secure storage and access controls for uploaded files.
XML External Entity (XXE) Injection - Test for XXE vulnerabilities in XML parsing. - Verify that XML inputs are properly validated and sanitized.
Security Headers - Check for the presence and effectiveness of security headers. - Include headers such as Content Security Policy (CSP) and Strict-Transport-Security (HSTS).
Clickjacking - Test for clickjacking vulnerabilities. - Verify that UI elements cannot be embedded in iframes without proper controls.
Business Logic Testing - Test for logical flaws in the application workflow. - Verify the enforcement of business rules and access controls. - Assess the impact of parameter manipulation on business processes.
Cryptographic Vulnerabilities - Check for weak or deprecated cryptographic algorithms. - Verify the secure storage and transmission of sensitive information.
Mobile-specific Vulnerabilities - Test for mobile application-specific vulnerabilities. - Verify the security of APIs used by mobile applications. - Assess the storage and handling of sensitive information on mobile devices.
API Security - Test the security of APIs for vulnerabilities. - Verify proper authentication and authorization mechanisms. - Assess the handling of input data and error messages.
IoT-specific Vulnerabilities - Test for security vulnerabilities in IoT devices. - Assess the communication security of IoT devices. - Verify the security of firmware and update mechanisms.

Feel free to contribute and improve this checklist for the benefit of the community.

Contributors - [Sicko] - [Reconnaissance Command Line Helpful Guide](https://docs.google.com/document/d/1TPPJwzTl8-sqQCLV7dJoKG-0oqDTLdaKcaQUZBA0vmU/edit#heading=h.ab50wugjcygo)

Sources: