## Web Application Penetration Testing Checklist And Tools

> **Note:** This checklist covers the overall functionality testing of a web application and does not include detailed testing of every potential vulnerability. The primary focus is on major security issues and general functionality, and only applicable items will be tested.

#### Authentication

- [ ] Test for default logins
- [ ] Verify user-accessible authentication history
- [ ] Test for authentication bypass
- [ ] Check brute-force protection mechanisms
- [ ] Ensure password quality rules are enforced
- [ ] Validate "remember me" functionality
- [ ] Check if autocomplete is disabled on password forms/inputs
- [ ] Test password reset and/or recovery processes
- [ ] Verify password change process
- [ ] Test CAPTCHA implementation
- [ ] Check multi-factor authentication setup
- [ ] Confirm logout functionality presence

#### Session Management

- [ ] Verify session tokens for cookie flags (HttpOnly and Secure)
- [ ] Check session cookie scope (Path and Domain)
- [ ] Ensure session cookie duration (Expires and Max-Age) is set correctly
- [ ] Confirm session termination after a maximum lifetime
- [ ] Validate session termination after logout
- [ ] Check if users can have multiple simultaneous sessions
- [ ] Confirm that new session tokens are issued on login, role change, and logout

#### CSRF and Clickjacking

- [ ] Test for Cross-Site Request Forgery (CSRF)
- [ ] Test for clickjacking vulnerabilities

#### Authorization

- [ ] Test for bypassing the authorization schema
- [ ] Check for privilege access control problems
- [ ] Verify authorization is not missing

#### Injection Attacks

- [ ] Test for HTML Injection
- [ ] Test for Reflected Cross-Site Scripting (XSS)
- [ ] Test for DOM-based XSS
- [ ] Test for Stored XSS
- [ ] Test for SQL Injection

#### Fingerprinting Web Server

- [ ] Find the type of web server
- [ ] Find the version details of the web server

#### Review The Web Contents

- [ ] Inspect the page source for sensitive info
- [ ] Try to find sensitive JavaScript code
- [ ] Try to find any keys
- [ ] Make sure autocomplete is disabled

#### Testing HTTP Methods

- [ ] Discover the supported methods
- [ ] Ensure the PUT method is disabled
- [ ] Ensure the OPTIONS method is disabled
- [ ] Test access control bypass

#### File Handling

- [ ] Ensure file size limits, upload frequency, and total file counts are defined and enforced

---

# Recommended Penetration Testing Tools

**Categories of Penetration Testing Tools:**

* Network Scanners: Identify open ports, services, and potential vulnerabilities on networked systems.
* Vulnerability Scanners: Detect known vulnerabilities in systems and applications by comparing them against a database of known issues.
* Exploitation Frameworks: Provide a platform to develop and execute exploit code against target systems.
* Password Crackers: Attempt to recover passwords from data stored or transmitted by computer systems.
* Web Application Testing Tools: Specifically designed to find vulnerabilities in web applications, such as SQL injection, XSS, and CSRF.
* Wireless Network Tools: Assess the security of wireless networks, including cracking Wi-Fi passwords and analyzing wireless traffic.
* Forensic Tools: Assist in the analysis of systems to discover evidence of attacks or malicious activities.

**General Security Testing**

* Burp Suite – Web vulnerability scanner and proxy tool.
* OWASP ZAP – Open-source web application security scanner.
* Nikto – Web server scanner for outdated versions and vulnerabilities.
* Wireshark – Network protocol analyzer.

**Authentication & Session Testing**

* Hydra – Password brute-force tool.
* Gobuster – Directory enumeration tool.
* Postman – API testing tool.

**Injection Testing**

* SQLmap – Automated SQL injection detection and exploitation.
* NoSQLMap – NoSQL injection testing tool.

**XSS & CSRF Testing**

* XSStrike – Advanced XSS detection tool.
* XSSer – Automated XSS scanner.

**API Security Testing**

* Postman – API testing and debugging.
* Insomnia – API testing and debugging.
* JWT.io – JWT debugging tool.

**File Upload & Access Control Testing**

* ExifTool – Metadata extraction for file upload testing.
* Metasploit – Exploitation framework.

**HTTP Security Headers**

* SecurityHeaders.io – Online security header analysis.
* Mozilla Observatory – Security testing tool.

**Learning**

* https://www.youtube.com/watch?v=e1DZYIddDrY
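Several checklist items above (session cookie flags, scope and lifetime; clickjacking headers; server version fingerprinting; exposed HTTP methods) can be answered from a single captured response. The helper below is an added example, not part of the original checklist or of any tool listed here: it parses a `Set-Cookie` line and a response header map (as a proxy like Burp or ZAP would show them) and returns the failing items. The eight-hour lifetime threshold, the sample cookie and the sample headers are constructed assumptions.

```python
def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, {attr: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # bare flag -> True
    return name, attrs

def audit_session_cookie(header, max_lifetime=8 * 3600):
    """Checklist findings for one Set-Cookie header (lifetime in seconds)."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly flag")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure flag")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict")
    if "domain" in attrs:  # an explicit Domain= widens scope to every subdomain
        findings.append(f"{name}: Domain={attrs['domain']} shared with subdomains")
    # Only Max-Age is evaluated; Expires would need a reference clock
    if "max-age" in attrs and int(attrs["max-age"]) > max_lifetime:
        findings.append(f"{name}: Max-Age {attrs['max-age']}s exceeds {max_lifetime}s")
    return findings

def audit_response_headers(headers):
    """Checklist findings for clickjacking, HSTS, server banner and methods."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")
    if "strict-transport-security" not in h:
        findings.append("missing Strict-Transport-Security header")
    if any(ch.isdigit() for ch in h.get("server", "")):  # version in banner
        findings.append(f"Server header reveals version: {h['server']}")
    # Allow: is what an OPTIONS response carries; flag state-changing methods
    allowed = {m.strip().upper() for m in h.get("allow", "").split(",")}
    for risky in ("PUT", "DELETE", "TRACE"):
        if risky in allowed:
            findings.append(f"HTTP method enabled: {risky}")
    return findings

# Constructed sample response, not captured from any real application
SAMPLE_COOKIE = "SESSIONID=abc123; Path=/; Domain=example.com; Max-Age=2592000"
SAMPLE_HEADERS = {"Server": "Apache/2.4.41", "Allow": "GET, HEAD, POST, PUT, OPTIONS"}
```

Running `audit_session_cookie(SAMPLE_COOKIE)` and `audit_response_headers(SAMPLE_HEADERS)` on the constructed sample reports five cookie findings and four header findings; a hardened response returns empty lists.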