Web App Pentest Checklist

⌘Ctrlk

Web App Pentest Checklist

Recon
Registration Feature Testing
Email Verification Bypass
Forgot Password
Forgot Password Testing
Rate Limit Bypass
Account Takeover
API Authentication
Session Management Testing
Authentication Testing
My Account (Post Login) Testing
Contact Form Testing
Product Purchase Testing
Open Redirection Testing
Host Header Injection
SQL Injection Testing
Cross-Site Scripting Testing
CSRF Testing
SSO Vulnerabilities
XML Injection Testing
Cross-origin resource sharing (CORS)
Server-side request forgery (SSRF)
CAPTCHA Testing
File Upload Testing
WebSockets Testing
GraphQL Vulnerabilities Testing
Denial of Service
RCE
Other Test Cases (All Categories)
- Check for security headers and at least
Extra Reference

Powered by GitBook

On this page

Other Test Cases (All Categories)

Testing for Role authorization

Check if normal users can access the resources of high privileged users?
Forced browsing
Insecure direct object reference
Parameter tampering to switch user account to high privileged user

Blind OS command injection

using time delays
by redirecting output
with out-of-band interaction
with out-of-band data exfiltration

Command injection on CSV export (Upload/Download)
CSV Excel Macro Injection
If you find a phpinfo.php file, check for the configuration leakage and try to exploit any network vulnerability.
Parameter Pollution Social Media Sharing Buttons

PreviousRCE NextCheck for security headers and at least

Last updated 2 years ago