1 / 24

A Web Application Penetration Testing Checklist?

Penetration testing is the process of testing a software by trained security experts in order to find out its security vulnerabilities. Visit more information: https://hackercombat.com/web-application-penetration-testing-checklist/

Sandraemily
Download Presentation

A Web Application Penetration Testing Checklist?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WHAT SHOULD GO INTO A WEB APPLICATION PENETRATION TESTING CHECKLIST?

  2. WHAT IS PENETRATION TESTING? Penetration testing is the process of testing a software by trained security experts in order to find out its security vulnerabilities.

  3. Let's take a look at some of the elements every web application penetration testing checklist should contain, in order for the penetration testing process to turn out to be really effective.

  4. 0 1 CONTACT FORM TESTING The entry point for spammers is often a web application's contact form.

  5. 0 2 PROXY SERVER(S) TESTING It plays a huge role in scrutinizing the traffic to your web application and pointing out any malicious activity.

  6. 0 3 SPAM EMAIL FILTER TESTING Spam email filters are functioning properly and filtering the incoming and outgoing traffic and blocking unsolicited emails.

  7. 04 NETWORK FIREWALL TESTING Firewall is preventing undesirable traffic from entering into your web application.

  8. 05 SECURITY VULNERABILITY TESTING Check on various aspects associated with your web application and network devices, also make a list of the security vulnerabilities they pose.

  9. 06 CREDENTIAL ENCRYPTION TESTING Ensure all usernames and passwords are encrypted and transferred over secure "HTTPS" connection.

  10. 07 COOKIE TESTING Cookies store data related to user sessions. Information if it is exposed to the hackers, the security of many users who visit your website will be easily compromised.

  11. 08 TESTING FOR OPEN PORTS Open ports on the web server on which your web application has been hosted also present a good opportunity for hackers to exploit your web application's security.

  12. 09 APPLICATION LOGIN PAGE TESTING Ensure your web application locks itself up after a specific number of unsuccessful login attempts.

  13. 10 ERROR MESSAGE TESTING Ensures all your error messages are generic and do not reveal too much about the problem.

  14. 11 HTTP METHOD(S) TESTING Review the HTTP methods used by your web application to interact with your clients.

  15. 12 USERNAME AND PASSWORD TESTING Test all the usernames/passwords that are making use of your web application.

  16. 13 FILE SCANNING Ensure all files you upload to your web application or server are scanned duly before they are uploaded.

  17. 14 SQL INJECTION TESTING SQL injection is one of the most popular methods employed by hackers when it comes to exploiting web applications and websites.

  18. 15 XSS TESTING Also, ensure your web application resists cross-site scripting or XSS attacks as well.

  19. 16 XSS TESTING Ensure your web application resists cross- site scripting or XSS attacks as well.

  20. 17 USER SESSION TESTING Ensure that user sessions end upon log off.

  21. 18 BRUTE FORCE ATTACK TESTING Using appropriate testing tools ensure your web application stays safe against brute force attacks.

  22. 19 DOS (DENIAL OF SERVICE) ATTACK TESTING Also ensure your web application stays safe against DoS (Denial of Service) attacks by using appropriate testing tools.

  23. 20 DIRECTORY BROWSING: Ensure directory browsing is disabled on the web server which hosts your web application.

  24. THANK YOU! For more information visit our HACKER COMBAT

More Related