Web App Pentest Checklist

⌘Ctrlk

Web App Pentest Checklist

Recon
Registration Feature Testing
Email Verification Bypass
Forgot Password
Forgot Password Testing
Rate Limit Bypass
Account Takeover
API Authentication
Session Management Testing
Authentication Testing
My Account (Post Login) Testing
Contact Form Testing
Product Purchase Testing
Open Redirection Testing
Host Header Injection
SQL Injection Testing
Cross-Site Scripting Testing
CSRF Testing
SSO Vulnerabilities
XML Injection Testing
Cross-origin resource sharing (CORS)
Server-side request forgery (SSRF)
CAPTCHA Testing
File Upload Testing
WebSockets Testing
GraphQL Vulnerabilities Testing
Denial of Service
RCE
Other Test Cases (All Categories)
Extra Reference

Powered by GitBook

On this page

Cross-origin resource sharing (CORS)

Errors parsing Origin headers
Whitelisted null origin value

PreviousXML Injection Testing NextServer-side request forgery (SSRF)

Last updated 2 years ago