# WAPT General L1 Checks

1. Google Dorking
2. GitHub Dorking
3. Server Version Enumeration
4. Front-end components with known issues
5. Unencrypted HTTP Communication
6. Directory Listing
7. Host Header Injection
8. TRACE Method Enabled

### Response Headers Analysis

1. Clickjacking (X-Frame-Options)
2. Content-Security-Policy header missing
3. Unnecessary Response Headers

> "Unnecessary response headers" are HTTP headers included in the response a web server sends to a client (typically a web browser) that provide no information essential to the functioning or security of the web application. These headers can expose details about the server, software, or technology stack in use, which attackers can use to fingerprint the target system and look up known vulnerabilities in those components.

```
Example:
X-Powered-By
Server
X-AspNet-Version
X-AspNetMvc-Version
X-PHP-Version
```

4. Strict-Transport-Security header missing [Reference](https://www.youtube.com/watch?v=-MWqSD2_37E)
5. Content-Type header missing
6. Security headers missing
   * X-Content-Type-Options
   * Referrer-Policy
   * Permissions-Policy

### Browser Cache Weaknesses

1. Cache Control Headers
   * Cache-Control
   * Expires
   * Pragma
2. User Enumeration at Login
3. User Enumeration at Signup

```
Username, PhoneNo, Email, Userid etc.
```

### Rate Limiting (Unauthenticated)

1. Captcha not enabled for sensitive forms

```
ContactUs Form, Feedback Form, Registration form, Forgot password etc.
```

### Secure Cookie Attribute

1. Cookie without HttpOnly flag
2. Cookie without Secure flag

### Registration Form

1. Lack of email/phone number verification
2. Weak Password Policy
3. HTML/SSTI at Registration form (input parameter reflected in the email template)

### After Login General Checks

1. Sensitive Information in URL
2. Re-using old password
3. Lack of password confirmation for sensitive actions

```
delete account, change password, change email
```

4. Failure to invalidate session on logout

```
Check whether the application uses cookie-based or custom-token-based authentication
```

5. Verbose errors & exception handling (internal path disclosure, backend DB error information etc.)
6. Insecure Cross-Origin Resource Sharing

```
Verify for JSON responses and sensitive requests
```

7. Input length validation for sensitive parameters like username, first name etc.
8. Broken Authentication

```
For sensitive requests, test whether they can be accessed unauthenticated by removing all authentication material, including cookies, JWTs, or any custom token.
```

9. Verify the URLs of sensitive download files in an incognito browser.

#### **Input Validation**

1. Open Redirection
2. XML Content-Type validation
3. Request Splitting (CRLF Injection)
4. Response Splitting (CRLF Injection)

### JWT

1. Sensitive Information in JWT
2. JWT expiration
3. JWT Secret Brute-force (alg HS256/HS512)

### Client-Side JavaScript Analysis

1. Sensitive Information in Comments
2. Hardcoded Sensitive API Keys/Credentials
3. AWS S3 Endpoints/Misconfigurations
4. Target subdomains in the client-side source code (share the obtained information with the L2 team)

```
Only collect the target subdomains found in the client-side source
```

5. Firebase Endpoint Enumeration/Misconfiguration
6. IP address enumeration in the client-side source code
7. Third-party services sensitive API key enumeration

```
Example: Notice that the target application uses the Razorpay payment gateway. It might be worthwhile to search for the Razorpay secret key.
Carefully analyse the application tech stack and search for the appropriate sensitive keywords.
```

### Abuse of Functionality

1. OTP Flooding - Email
2. OTP Flooding - SMS

### Scans

```
Scans should also be performed on all subdomains of the target that are part of the target application's functionality.
example: https://www.example.com, https://api.example.com, https://payment.example.com etc.
```

### SSL/TLS Analysis

[sslscan](https://hackmd.io/@secureitmania/HJQIwoA9n)

1. Weak Protocols Enabled
2. Heartbleed Attack
3. Weak Signature Algorithm
4. TLS 1.2 Vulnerabilities
5. Secure Client-Initiated Renegotiation
6. Expired SSL Certificate
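The header-related items above (Response Headers Analysis, Browser Cache Weaknesses, Secure Cookie Attribute, and the Insecure CORS check under After Login) can all be evaluated from one captured response. The following is an added example, not part of the original checklist: a small audit routine that takes the raw header list of a response and reports which checks fail. The two sample responses are constructed for the demo; the "sensitive" flag and the untrusted origin value are assumptions of the example, and the header names are the standard ones the checklist already names.

```python
"""Audit one HTTP response's headers against the L1 header/cache/cookie/CORS checks."""

# Headers that only leak stack details (the checklist's "unnecessary" headers).
UNNECESSARY_HEADERS = ("X-Powered-By", "Server", "X-AspNet-Version",
                       "X-AspNetMvc-Version", "X-PHP-Version")

# Headers expected on every response, each with a minimal value sanity check.
REQUIRED_HEADERS = {
    "Content-Type": lambda v: bool(v),
    "Content-Security-Policy": lambda v: bool(v),
    "Strict-Transport-Security": lambda v: "max-age=" in v.lower(),
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "Referrer-Policy": lambda v: bool(v),
    "Permissions-Policy": lambda v: bool(v),
}


def _index(headers):
    """Group header values by lower-cased name; Set-Cookie may repeat."""
    idx = {}
    for name, value in headers:
        idx.setdefault(name.lower(), []).append(value)
    return idx


def _cookie_attrs(set_cookie):
    """Return (cookie name, set of lower-cased attribute names) for a Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:]}


def audit_response(headers, *, https=True, sensitive=False, request_origin=None):
    """Return a list of finding strings for a response given as [(name, value), ...].

    sensitive=True applies the cache-control checks (responses that must not be cached);
    request_origin is the Origin header the request carried, used for the CORS check.
    """
    idx = _index(headers)
    findings = []

    def first(name):
        return idx.get(name.lower(), [""])[0]

    for name in UNNECESSARY_HEADERS:
        if name.lower() in idx:
            findings.append(f"unnecessary header present: {name}: {first(name)}")

    for name, value_ok in REQUIRED_HEADERS.items():
        if name == "Strict-Transport-Security" and not https:
            continue  # HSTS is only meaningful on HTTPS responses
        if name.lower() not in idx or not value_ok(first(name)):
            findings.append(f"missing or weak header: {name}")

    # Clickjacking: either X-Frame-Options or a CSP frame-ancestors directive is required.
    if "x-frame-options" not in idx and "frame-ancestors" not in first("Content-Security-Policy").lower():
        findings.append("clickjacking: no X-Frame-Options and no CSP frame-ancestors")

    if sensitive:
        if "no-store" not in first("Cache-Control").lower():
            findings.append("cache: sensitive response without Cache-Control: no-store")
        if "no-cache" not in first("Pragma").lower():
            findings.append("cache: sensitive response without Pragma: no-cache")
        if "expires" not in idx:
            findings.append("cache: sensitive response without Expires header")

    for raw in idx.get("set-cookie", []):
        cname, attrs = _cookie_attrs(raw)
        if "httponly" not in attrs:
            findings.append(f"cookie {cname} without HttpOnly flag")
        if https and "secure" not in attrs:
            findings.append(f"cookie {cname} without Secure flag")

    acao = first("Access-Control-Allow-Origin")
    creds = first("Access-Control-Allow-Credentials").lower() == "true"
    if request_origin and acao == request_origin:
        findings.append(f"cors: arbitrary origin {acao} reflected" + (" with credentials" if creds else ""))
    elif acao == "*" and creds:
        findings.append("cors: wildcard origin combined with credentials")
    return findings


# Constructed sample responses for the demo (not captured from any real host).
WEAK_RESPONSE = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Content-Type", "application/json"),
    ("Cache-Control", "public, max-age=600"),
    ("Set-Cookie", "PHPSESSID=c0ffee; Path=/"),
    ("Access-Control-Allow-Origin", "https://untrusted.example"),
    ("Access-Control-Allow-Credentials", "true"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "application/json"),
    ("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'"),
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "no-referrer"),
    ("Permissions-Policy", "camera=(), microphone=()"),
    ("Cache-Control", "no-store"),
    ("Pragma", "no-cache"),
    ("Expires", "0"),
    ("Set-Cookie", "session=c0ffee; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"--- {label} ---")
        for finding in audit_response(resp, sensitive=True, request_origin="https://untrusted.example"):
            print(" ", finding)
```

Feed it the header list from whatever client you capture with (for example the `headers.items()` of a `urllib`/`requests` response); the one-response-at-a-time design is deliberate so the same function can be run over a login page, a JSON API endpoint and a file download and the findings compared per endpoint.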
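For the three JWT items (sensitive information in the token, expiration, and a weak HMAC secret), the following added example, which is not part of the original checklist, decodes a token without trusting it and reports each problem. The token, the claim names treated as sensitive, the 24-hour "long-lived" threshold and the short list of candidate weak secrets are all constructed for the demo and should be adjusted to the application under test; a token that verifies under one of those candidates is the finding, since it means anyone holding that secret can mint valid tokens.

```python
"""Inspect a JWT for sensitive claims, expiration problems and weak HS* secrets (stdlib only)."""
import base64
import hashlib
import hmac
import json
import time

# Claim names that should not travel in a token, which is readable by anyone who holds it (constructed list).
SENSITIVE_CLAIMS = {"password", "passwd", "secret", "email", "phone", "ssn", "address", "card"}
HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
MAX_LIFETIME_SECONDS = 24 * 3600  # assumed threshold for a "long-lived" token


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs_token(payload: dict, secret: str, alg: str = "HS256") -> str:
    """Build a signed HS* token; used here only to construct sample input."""
    compact = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact({'alg': alg, 'typ': 'JWT'})}.{compact(payload)}"
    sig = hmac.new(secret.encode(), signing_input.encode(), HS_ALGS[alg]).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def decode_unverified(token: str):
    """Return (header, payload, raw signature) without checking the signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (json.loads(_b64url_decode(header_b64)),
            json.loads(_b64url_decode(payload_b64)),
            _b64url_decode(sig_b64))


def inspect_jwt(token: str, *, now=None, candidate_secrets=()):
    """Return a list of finding strings for the token as seen at time `now`."""
    now = time.time() if now is None else now
    header, payload, sig = decode_unverified(token)
    findings = []

    alg = header.get("alg", "")
    if alg.lower() == "none":
        findings.append("alg is none: token carries no signature")

    exp = payload.get("exp")
    if exp is None:
        findings.append("no exp claim: token never expires")
    elif exp <= now:
        findings.append("token expired (exp in the past)")
    elif exp - payload.get("iat", now) > MAX_LIFETIME_SECONDS:
        findings.append("long-lived token: lifetime exceeds 24 hours")

    for key in payload:
        if key.lower() in SENSITIVE_CLAIMS:
            findings.append(f"sensitive claim in payload: {key}")

    # Weak-secret check: does the signature verify under any candidate secret?
    if alg in HS_ALGS:
        signing_input = token.rsplit(".", 1)[0].encode()
        for secret in candidate_secrets:
            expected = hmac.new(secret.encode(), signing_input, HS_ALGS[alg]).digest()
            if hmac.compare_digest(expected, sig):
                findings.append(f"{alg} signature verifies with weak secret {secret!r}")
                break
    return findings


# Constructed sample tokens: one signed with a weak secret and carrying an email claim,
# one signed with a strong secret and a short lifetime.
CANDIDATE_SECRETS = ["password", "secret", "123456"]
WEAK_TOKEN = make_hs_token(
    {"sub": "42", "email": "user@example.com", "iat": 1_700_000_000, "exp": 1_700_003_600}, "secret")
GOOD_TOKEN = make_hs_token(
    {"sub": "42", "iat": 1_700_000_000, "exp": 1_700_003_600}, "constructed-long-random-secret-not-in-list")

if __name__ == "__main__":
    for label, token, now in (("weak", WEAK_TOKEN, 1_700_010_000), ("good", GOOD_TOKEN, 1_700_001_000)):
        print(f"--- {label} ---")
        for finding in inspect_jwt(token, now=now, candidate_secrets=CANDIDATE_SECRETS):
            print(" ", finding)
```

Nothing in this routine trusts the token: `decode_unverified` only base64-decodes it, and the secret check compares a freshly computed MAC against the token's own signature with `hmac.compare_digest`, so a missing or mangled signature simply produces no match.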