
Web Application Penetration Testing Cheat Sheet

What is Needed for a Web Application Penetration Test?

Web application penetration testing is a way to identify, analyze, and report on vulnerabilities in a targeted web application, including buffer overflows, authentication bypass, code execution, input validation flaws, SQL injection, CSRF and cross-site scripting, by exercising the target web application as an attacker would.

A repeatable test procedure is critical. The checklist below is one of the best ways to conduct penetration testing across all types of web application vulnerabilities.

Information Gathering

1. Use a tool such as GNU Wget to retrieve and analyze the robots.txt file.

2. Check software and database version information, the technical components revealed in error messages, and the error codes returned when an invalid page is requested.

3. Perform reverse DNS lookups, DNS zone transfer attempts, web-based DNS searches and similar techniques.

4. Perform directory-style searches and vulnerability scanning, probing URLs with tools such as Nmap and Nessus.

5. Use Burp Proxy, OWASP ZAP, TamperIE, WebScarab or Tamper Data to identify the application’s entry points.

6. Perform TCP/ICMP and service fingerprinting using traditional fingerprinting tools such as Nmap and Amap.

7. Request common file extensions such as .ASP, .EXE, .HTML and .PHP, and test for recognized file types, extensions and directories.

8. Check the source code of the application’s front-end pages.

Authentication test

1. Check if you can “re-use” the session after logging out, and check if the application automatically logs users out after a period of inactivity.

2. Check if sensitive information is stored in the browser cache.

3. Check the password reset process, and try to answer or guess the secret questions, including through social engineering.

4. Check if a “Remember my password” mechanism is implemented by examining the login page’s HTML code.

5. Check whether hardware tokens communicate directly with the authentication infrastructure over a separate, isolated channel.

6. Test the CAPTCHA for authentication vulnerabilities.

7. Check for weak security questions/answers.
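
Item 1 above is easy to state but often checked sloppily. The following is an added example, not code from the original cheat sheet: a small hypothetical server-side session store that does the two things the check looks for (deleting the token on logout and expiring it after an idle period), together with a function that runs the checks against it under a controllable clock. The 15-minute timeout and the user name are constructed values.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT_SECONDS = 15 * 60  # constructed policy: expire after 15 minutes without activity


@dataclass
class Session:
    user: str
    last_seen: float


class SessionStore:
    """Hypothetical server-side session store: tokens are unguessable, deleted on logout
    and expired after idle_timeout seconds of inactivity."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock  # injectable so checks can move time forward
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = Session(user=user, last_seen=self.clock())
        return token

    def logout(self, token):
        # Delete the server-side state; clearing the browser cookie alone leaves the token valid.
        self._sessions.pop(token, None)

    def resolve(self, token):
        """Return the user for a token, or None if unknown, logged out or idle-expired."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self.clock()
        if now - session.last_seen > self.idle_timeout:
            self._sessions.pop(token, None)  # expire lazily on next use
            return None
        session.last_seen = now  # activity extends the idle window
        return session.user


class FakeClock:
    """Controllable clock so the checks below run instantly."""

    def __init__(self, start=1_700_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def check_session_lifecycle(idle_timeout=IDLE_TIMEOUT_SECONDS):
    """Run the checks from authentication test item 1 and report findings.
    True for the first two keys means a vulnerability."""
    clock = FakeClock()
    store = SessionStore(idle_timeout=idle_timeout, clock=clock)
    findings = {}

    # Check 1: a token presented after logout must be rejected.
    token = store.login("alice")
    store.logout(token)
    findings["reusable_after_logout"] = store.resolve(token) is not None

    # Check 2: an untouched session must be gone once the idle timeout has passed.
    token = store.login("alice")
    clock.advance(idle_timeout + 1)
    findings["survives_idle_timeout"] = store.resolve(token) is not None

    # Sanity check: activity inside the window keeps the session alive (not a finding).
    token = store.login("alice")
    clock.advance(idle_timeout / 2)
    store.resolve(token)
    clock.advance(idle_timeout / 2)
    findings["active_session_kept"] = store.resolve(token) is not None
    return findings


if __name__ == "__main__":
    print(check_session_lifecycle())
```

Against a real application the same three steps are driven through an interception proxy: capture a session cookie, log out, replay the cookie; then leave a second session untouched past the documented timeout and replay it. Any request that still succeeds is the finding.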

Authorization test

1. Test roles and privileged operations used to access resources.

2. Test for path traversal by enumerating input vectors and analyzing the input validation functions in the web application.

3. Use a web spider tool to test cookie and parameter tampering.

4. Test HTTP request tampering to see if you can gain unauthorized access to restricted resources.
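
Item 2 asks for an input-vector sweep against the application's path handling. As an added example (not code from the original cheat sheet), here is the input validation function a defender should have in place, written so that the check runs on the fully normalized path rather than on the raw string, plus a small sweep over the kinds of vectors a tester enumerates. The base directory and the sample paths are constructed; nothing needs to exist on disk.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a user-supplied path would resolve outside the allowed base directory."""


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir, or raise TraversalError.

    The decision is made on the normalized absolute path (after URL-decoding), not on
    the raw string, so "..", "%2e%2e" and "a/../../b" are all caught the same way.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise TraversalError("null byte in path")
    # An absolute path would make os.path.join discard base_dir entirely.
    if decoded.startswith(("/", "\\")):
        raise TraversalError("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # realpath collapses "..", so a path that escapes no longer shares the base prefix.
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def classify(base_dir, paths):
    """Map each candidate path to 'allowed' or 'blocked' (the tester's input-vector sweep)."""
    results = {}
    for p in paths:
        try:
            safe_join(base_dir, p)
            results[p] = "allowed"
        except TraversalError:
            results[p] = "blocked"
    return results


# Constructed vectors of the kind enumerated in item 2; base directory is hypothetical.
SAMPLE_BASE = "/var/www/app/static"
SAMPLE_PATHS = [
    "css/site.css",
    "img/../logo.png",
    "../../etc/passwd",
    "%2e%2e/%2e%2e/etc/passwd",
    "/etc/passwd",
    "a/b/../../../x",
]

if __name__ == "__main__":
    for path, verdict in classify(SAMPLE_BASE, SAMPLE_PATHS).items():
        print(f"{verdict:8} {path}")
```

Note that `unquote` is applied once; an application that decodes twice (for example a front-end proxy and the application both decoding) needs the check to run after the last decode, which is exactly the kind of layering the sweep in item 2 is meant to expose.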

Configuration management test

1. Check directory and file enumeration, and review server and application documentation. Also check the infrastructure and application administration interfaces.

2. Analyze the web server “banner” and perform a network scan.

3. Check for old documents and backups, and for references to source code, passwords and installation paths.

4. Use Nmap and Nessus to examine and identify the ports associated with SSL/TLS services.

5. Use Netcat or Telnet to view the HTTP methods returned by an OPTIONS request.

6. Test the HTTP methods, including cross-site tracing (XST), using a legitimate user’s credentials.

7. Execute the application configuration management test to review source code, log files and default error code information.
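
Items 5 and 6 produce raw HTTP responses typed into Netcat or Telnet. The following is an added example, not code from the original cheat sheet: it parses such a captured OPTIONS response, flags advertised methods that need follow-up (TRACE being the one XST depends on), and checks whether a captured TRACE response actually echoes a Cookie header. The two sample captures are constructed, not taken from any real server.

```python
# Methods whose presence in an Allow header deserves follow-up, with the reason to record.
RISKY_METHODS = {
    "TRACE": "TRACE enabled: cross-site tracing (XST) can echo request headers, including cookies",
    "TRACK": "TRACK enabled: IIS alias of TRACE, same XST concern",
    "PUT": "PUT enabled: confirm it cannot upload arbitrary files",
    "DELETE": "DELETE enabled: confirm it cannot remove resources",
    "CONNECT": "CONNECT enabled: server may act as an open proxy",
}


def split_response(raw):
    """Split a raw HTTP/1.1 response (as captured from Netcat/Telnet) into parts."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_line, header_lines = lines[0], lines[1:]
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


def allowed_methods(raw_options_response):
    """Methods advertised in the Allow header of an OPTIONS response, upper-cased."""
    _, headers, _ = split_response(raw_options_response)
    allow = headers.get("allow", "")
    return [m.strip().upper() for m in allow.split(",") if m.strip()]


def audit_methods(raw_options_response):
    """Return {method: reason} for every advertised method that needs follow-up."""
    return {m: RISKY_METHODS[m] for m in allowed_methods(raw_options_response) if m in RISKY_METHODS}


def trace_reflects_cookie(raw_trace_response):
    """True if a TRACE response body echoes a Cookie header: the condition XST relies on."""
    status_line, headers, body = split_response(raw_trace_response)
    if " 200 " not in status_line:
        return False
    if not headers.get("content-type", "").startswith("message/http"):
        return False
    return any(line.lower().startswith("cookie:") for line in body.split("\r\n"))


# Constructed sample captures (not from any real server).
SAMPLE_OPTIONS = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAMPLE_TRACE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE / HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: sessionid=EXAMPLE-TOKEN\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for reason in audit_methods(SAMPLE_OPTIONS).values():
        print("[!]", reason)
    print("TRACE echoes cookies:", trace_reflects_cookie(SAMPLE_TRACE))
```

An Allow header is only what the server claims; item 6 still sends each method with a logged-in user's cookie and records the actual status code, since servers regularly accept methods they do not advertise and advertise methods they reject.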

Session Management Test

1. Check the URLs in the restricted area to test for cross-site request forgery.

2. Test for exposed session variables by checking session tokens, proxies and caching, GET versus POST transport, encryption and reuse.

3. Collect a sufficient number of cookie samples, analyze the cookie generation algorithm, and attempt to forge a valid cookie.

4. Test the cookie attributes using an interception proxy (such as Burp Proxy or OWASP ZAP) or a traffic interception add-on (such as Tamper Data).

5. Test for session fixation to prevent user sessions from being stolen (session hijacking).
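
Item 4 checks the attributes on each Set-Cookie header seen in the proxy. As an added example, not code from the original cheat sheet, this parses one header value and reports the attributes a session cookie should carry (Secure, HttpOnly, an explicit SameSite, no persistence) and whether a `__Host-` prefix is actually honoured. The two sample headers are constructed.

```python
def parse_set_cookie(header_value):
    """Split a Set-Cookie header value into (name, value, {attribute: value-or-True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value, session_cookie=True):
    """Return a list of findings for one Set-Cookie header; an empty list means it passes."""
    name, value, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie will be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script, so XSS can steal it")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite: browser default applies, CSRF protection not explicit")
    elif samesite.lower() == "none":
        findings.append("SameSite=None: cookie is sent on cross-site requests")
    if session_cookie and ("expires" in attrs or "max-age" in attrs):
        findings.append("persistent session cookie: survives browser close, widens replay window")
    if name.startswith("__Host-"):
        # Browsers honour the prefix only with Secure set, Path=/ and no Domain attribute.
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix requirements not met")
    if session_cookie and len(value) < 16:
        findings.append("short session identifier: may be guessable")
    return findings


# Constructed Set-Cookie headers as a proxy would show them (not from any real application).
WEAK_COOKIE = "sessionid=abc123; Path=/"
STRONG_COOKIE = "__Host-sid=9f8b2f4c1e6d7a0b5c3e2d1f0a9b8c7d; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK_COOKIE, STRONG_COOKIE):
        print(header)
        for finding in audit_set_cookie(header) or ["OK"]:
            print("   ", finding)
```

The length check is only a coarse signal; the randomness analysis in item 3 (collecting many samples and looking at how values change between sessions) is what establishes whether the identifier is actually unpredictable.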

Data Validation Test

1. Perform source code analysis for JavaScript coding errors.

2. Perform union query SQL injection, standard SQL injection and blind SQL injection tests, using tools such as sqlninja, SQLDumper and SQL Power Injector.

3. Analyze the HTML code, test for stored XSS and leverage it, using XSS Proxy, BackFrame, Burp Proxy, OWASP ZAP, XSS Assistant and other tools.

4. Perform LDAP injection tests for user and host sensitive information.

5. Perform IMAP/SMTP injection tests to access the back-end mail server.

6. Perform XPath injection tests for confidential information.

7. Perform an XML injection test to learn about the XML structure.

8. Execute the code injection test to identify input validation errors.

9. Perform buffer overflow tests on stack and heap memory and on application control flow.

10. Test for HTTP splitting and smuggling using cookies and HTTP redirect information.
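
Item 2 names union-query and standard SQL injection. The following is an added example, not code from the original cheat sheet, showing why both work against string-built queries and why neither works against a parameterized query, using an in-memory SQLite table with constructed rows so it runs offline. The table, the rows and the two probe strings are all constructed for the demonstration.

```python
import sqlite3


def build_demo_db():
    """In-memory database with constructed rows, standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "HASH-A"), ("bob", "HASH-B")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # VULNERABLE: the untrusted value is pasted into the SQL text, so quotes in it change the query.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username):
    # HARDENED: a bound parameter is always treated as data, never as SQL.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


# Constructed probes of the two kinds named in item 2: a standard (tautology) injection
# and a union-query injection that pulls a different column into the result set.
STANDARD_PROBE = "' OR '1'='1"
UNION_PROBE = "' UNION SELECT password_hash FROM users --"


def compare(conn, probe):
    """Run one probe through both implementations; the gap between them is the finding."""
    return {
        "vulnerable": sorted(find_user_vulnerable(conn, probe)),
        "safe": sorted(find_user_safe(conn, probe)),
    }


if __name__ == "__main__":
    db = build_demo_db()
    for probe in (STANDARD_PROBE, UNION_PROBE):
        print(repr(probe), compare(db, probe))
```

The "safe" column returning nothing for both probes is the behaviour to look for when reviewing fixes: the probe string is matched literally against usernames, and no username equals it. Blind injection tests (also in item 2) work the same way but read the answer from timing or from a true/false difference in the page instead of from returned rows.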

Denial of service test

1. Send a large number of requests that perform database operations, and observe any slowdown and new error messages.

2. Perform manual source code analysis and submit a series of inputs of different lengths to the application.

3. Test the application for SQL wildcard attacks.

4. Test whether a user can specify the number of objects to allocate, and whether the application enforces a maximum number it can handle.

5. Enter very large numbers into input fields that the application uses as loop counters.

6. Use scripts to automatically submit very long values to requests that the server records to disk.
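
Items 2 to 6 all probe for parameters that steer CPU, memory or disk use without a bound. As an added example, not code from the original cheat sheet, here is a request validator that puts a bound on each of those inputs (a loop-counter parameter, a user-specified object count, free text that gets stored or logged, and a search term that reaches a LIKE clause, whose wildcards are made literal). All limits and both sample requests are constructed values.

```python
MAX_TEXT_LENGTH = 256     # constructed limit for free-text fields
MAX_LIST_ITEMS = 100      # constructed limit on user-specified object counts
MAX_PAGE_SIZE = 50        # constructed bound for a parameter used as a loop counter
MAX_REQUEST_BYTES = 8192  # constructed cap on what the handler will even look at


class LimitExceeded(ValueError):
    """Raised when a request would drive the application past a resource bound."""


def escape_like(term):
    """Make LIKE wildcards literal so a user cannot submit %a%b%c%-style patterns (item 3).
    Use the result with: ... WHERE col LIKE ? ESCAPE '\\'"""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def validate_request(params, body_size=0):
    """Bound every parameter that could steer CPU, memory or disk use; return the clean values."""
    if body_size > MAX_REQUEST_BYTES:
        raise LimitExceeded(f"body of {body_size} bytes exceeds {MAX_REQUEST_BYTES}")
    clean = {}

    # Item 5: a parameter used as a loop counter gets a hard upper bound, not just a type check.
    raw_page_size = params.get("page_size", "10")
    if not raw_page_size.isdigit() or not 1 <= int(raw_page_size) <= MAX_PAGE_SIZE:
        raise LimitExceeded(f"page_size must be 1..{MAX_PAGE_SIZE}, got {raw_page_size!r}")
    clean["page_size"] = int(raw_page_size)

    # Item 4: the number of objects the user asks the application to allocate is capped.
    tags = params.get("tags", [])
    if len(tags) > MAX_LIST_ITEMS:
        raise LimitExceeded(f"{len(tags)} tags exceeds {MAX_LIST_ITEMS}")
    if any(len(t) > MAX_TEXT_LENGTH for t in tags):
        raise LimitExceeded("tag too long")
    clean["tags"] = list(tags)

    # Items 2 and 6: length-limit anything that is stored or written to logs.
    comment = params.get("comment", "")
    if len(comment) > MAX_TEXT_LENGTH:
        raise LimitExceeded(f"comment of {len(comment)} chars exceeds {MAX_TEXT_LENGTH}")
    clean["comment"] = comment

    # Item 3: search text reaches a LIKE clause with its wildcards neutralised.
    search = params.get("search", "")
    if len(search) > MAX_TEXT_LENGTH:
        raise LimitExceeded("search term too long")
    clean["search_like"] = escape_like(search)
    return clean


def is_rejected(params, body_size=0):
    """True if validate_request refuses the request (convenience for reporting)."""
    try:
        validate_request(params, body_size)
        return False
    except LimitExceeded:
        return True


# Constructed requests: one well-formed, one shaped like the probes in items 2 to 5.
GOOD_REQUEST = {"page_size": "25", "tags": ["a", "b"], "comment": "fine", "search": "ab_c%"}
ABUSIVE_REQUEST = {"page_size": "99999999", "tags": ["x"] * 10_000, "comment": "A" * 100_000}

if __name__ == "__main__":
    print(validate_request(GOOD_REQUEST))
    try:
        validate_request(ABUSIVE_REQUEST)
    except LimitExceeded as exc:
        print("rejected:", exc)
```

For item 1 (a flood of expensive requests) a per-request validator is not enough; that needs rate limiting and query timeouts in front of the database, which is why the checklist treats it as a separate test.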