Web App Pentest Checklist

⌘Ctrlk

Web App Pentest Checklist

Recon
Registration Feature Testing
Email Verification Bypass
Forgot Password
Forgot Password Testing
Rate Limit Bypass
Account Takeover
API Authentication
Session Management Testing
Authentication Testing
My Account (Post Login) Testing
Contact Form Testing
Product Purchase Testing
Open Redirection Testing
Host Header Injection
SQL Injection Testing
Cross-Site Scripting Testing
CSRF Testing
SSO Vulnerabilities
XML Injection Testing
Cross-origin resource sharing (CORS)
Server-side request forgery (SSRF)
CAPTCHA Testing
File Upload Testing
WebSockets Testing
GraphQL Vulnerabilities Testing
Denial of Service
RCE
Other Test Cases (All Categories)
Extra Reference

Powered by GitBook

On this page

CSRF Testing

The application has an Anti-CSRF token implemented

Removing the Anti-CSRF Token
Altering the Anti-CSRF Token
Using the Attacker’s Anti-CSRF Token
Spoofing the Anti-CSRF Token
Using guessable Anti-CSRF Tokens
Stealing Anti-CSRF Tokens

PreviousXSS Firewall Bypass NextApplication uses Double Submit Cookie

Last updated 2 years ago