Web App Pentest Checklist

⌘Ctrlk

Web App Pentest Checklist

Recon
Registration Feature Testing
Email Verification Bypass
Forgot Password
Forgot Password Testing
Rate Limit Bypass
Account Takeover
API Authentication
Session Management Testing
Authentication Testing
My Account (Post Login) Testing
Contact Form Testing
Product Purchase Testing
Open Redirection Testing
Host Header Injection
SQL Injection Testing
Cross-Site Scripting Testing
CSRF Testing
SSO Vulnerabilities
XML Injection Testing
Cross-origin resource sharing (CORS)
Server-side request forgery (SSRF)
CAPTCHA Testing
File Upload Testing
WebSockets Testing
GraphQL Vulnerabilities Testing
Denial of Service
RCE
Other Test Cases (All Categories)
Extra Reference

Powered by GitBook

On this page

File Upload Testing

Upload the malicious file to the archive upload functionality and observe how the application responds
Upload a file and change its path to overwrite an existing system file
Large File Denial of Service
Metadata Leakage
ImageMagick Library Attacks
Pixel Flood Attack

Bypasses

Null Byte (%00) Bypass
Content-Type Bypass
Magic Byte Bypass
Client-Side Validation Bypass
Blacklisted Extension Bypass
Homographic Character Bypass

GitHub - jonaslejon/malicious-pdf: 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.shGitHub

vulnerability-Checklist/File Upload at main · Az0x7/vulnerability-ChecklistGitHub

PreviousCAPTCHA Testing NextWebSockets Testing

Last updated 10 months ago