WebHacking

....

Task Checklist

  • Manual application discovery
  • Automated discovery (subdomain takeover)
  • Harvesting public information
  • Session fixation
  • Weak session token quality
  • Weak session token management
  • Weak logout
  • Cross-site request forgery
  • Weak CORS
  • Session token protection
  • No session timeout
  • Session encryption (SSL/TLS)
  • Password strength enforcement
  • Authentication bypass
  • Unauthenticated URL access
  • Password brute force
  • Default account (admin)
  • Insecure authorization design
  • Client-side-only authorization
  • Variable manipulation
  • Direct access to resources
  • IDOR
  • Reflected XSS
  • Stored XSS
  • DOM based XSS
  • Wrong Content-Type
  • HTTP header injection
  • Malicious URL redirect
  • Clickjacking
  • LFI
  • RFI
  • XML external entity injection
  • OS command injection
  • SQL injection
  • Malicious file upload
  • Backup files
  • Leaking stack traces
  • Comments
  • Path disclosure
  • Directory listing

Help

FAQ

References

About

WebHacking checklist
