Web App Pentest Checklist

⌘Ctrlk

Web App Pentest Checklist

Recon
Registration Feature Testing
Email Verification Bypass
Forgot Password
Forgot Password Testing
Rate Limit Bypass
Account Takeover
API Authentication
Session Management Testing
Authentication Testing
My Account (Post Login) Testing
Contact Form Testing
Product Purchase Testing
Open Redirection Testing
Host Header Injection
SQL Injection Testing
Cross-Site Scripting Testing
CSRF Testing
SSO Vulnerabilities
XML Injection Testing
Cross-origin resource sharing (CORS)
Server-side request forgery (SSRF)
CAPTCHA Testing
File Upload Testing
WebSockets Testing
GraphQL Vulnerabilities Testing
Denial of Service
RCE
Other Test Cases (All Categories)
- Check for security headers and at least
Extra Reference

Powered by GitBook

On this page

Other Test Cases (All Categories)

Check for security headers and at least

X Frame Options
X-XSS header
HSTS header
CSP header
Referrer Policy
Cache-Control
Public key pins

Broken Cryptography

Cryptography Implementation Flaw
Encrypted Information Compromised
Weak Ciphers Used for Encryption

Web Services Testing

Test for directory traversal
Web services documentation disclosure Enumeration of services, data types, input types boundaries and limits

PreviousOther Test Cases (All Categories)NextExtra Reference

Last updated 2 years ago