WHAT SHOULD GO INTO A WEB APPLICATION PENETRATION TESTING CHECKLIST?

Upload: hacker-combat

Posted on 22-Jan-2018


WHAT IS PENETRATION TESTING?

Penetration testing is the process of testing software by trained security experts in order to find out its security vulnerabilities.

Let's take a look at some of the elements every web application penetration testing checklist should contain, in order for the penetration testing process to turn out to be really effective.

01 CONTACT FORM TESTING

The entry point for spammers is often a web application's contact form.

02 PROXY SERVER(S) TESTING

The proxy server plays a huge role in scrutinizing the traffic to your web application and pointing out any malicious activity.

03 SPAM EMAIL FILTER TESTING

Check that spam email filters are functioning properly, filtering the incoming and outgoing traffic and blocking unsolicited emails.

04 NETWORK FIREWALL TESTING

Check that the firewall is preventing undesirable traffic from entering your web application.

05 SECURITY VULNERABILITY TESTING

Check the various aspects associated with your web application and network devices, and make a list of the security vulnerabilities they pose.

06 CREDENTIAL ENCRYPTION TESTING

Ensure all usernames and passwords are encrypted and transferred over a secure "HTTPS" connection.

07 COOKIE TESTING

Cookies store data related to user sessions. If that information is exposed to hackers, the security of many users who visit your website will be easily compromised.

08 TESTING FOR OPEN PORTS

Open ports on the web server on which your web application is hosted also present a good opportunity for hackers to exploit your web application's security.

09 APPLICATION LOGIN PAGE TESTING

Ensure your web application locks itself up after a specific number of unsuccessful login attempts.

10 ERROR MESSAGE TESTING

Ensure all your error messages are generic and do not reveal too much about the problem.

11 HTTP METHOD(S) TESTING

Review the HTTP methods used by your web application to interact with your clients.

12 USERNAME AND PASSWORD TESTING

Test all the usernames and passwords in use on your web application.

13 FILE SCANNING

Ensure all files you upload to your web application or server are duly scanned before they are uploaded.

14 SQL INJECTION TESTING

SQL injection is one of the most popular methods employed by hackers when it comes to exploiting web applications and websites.

15 XSS TESTING

Also, ensure your web application resists cross-site scripting (XSS) attacks as well.

17 USER SESSION TESTING

Ensure that user sessions end upon log off.

18 BRUTE FORCE ATTACK TESTING

Using appropriate testing tools, ensure your web application stays safe against brute force attacks.

19 DOS (DENIAL OF SERVICE) ATTACK TESTING

Also ensure your web application stays safe against DoS (Denial of Service) attacks by using appropriate testing tools.

20 DIRECTORY BROWSING

Ensure directory browsing is disabled on the web server which hosts your web application.
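Several of the items above (07 cookie flags, 10 generic error pages, 11 HTTP methods, 20 directory browsing) can be turned into automated checks over HTTP responses recorded from your own application. The script below is an added example, not part of the original Hacker Combat infographic: the sample responses are constructed here, and the regular expressions and the set of methods treated as risky are the example's own assumptions.

```python
import re

# Constructed sample responses (not captured from any real site); replace with responses recorded from your own application.
SAMPLES = {
    "cookie": ("HTTP/1.1 200 OK\r\nSet-Cookie: sessionid=abc123; Path=/\r\n"
               "Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly\r\n\r\n<html>ok</html>"),
    "options": "HTTP/1.1 204 No Content\r\nAllow: GET, HEAD, OPTIONS, TRACE, PUT\r\n\r\n",
    "error": "HTTP/1.1 500 Internal Server Error\r\n\r\n<pre>Traceback (most recent call last):</pre>",
    "listing": "HTTP/1.1 200 OK\r\n\r\n<html><title>Index of /uploads</title></html>",
    "clean": "HTTP/1.1 404 Not Found\r\nSet-Cookie: sid=1; Secure; HttpOnly\r\n\r\n<p>Not found</p>",
}
# Assumed markers of verbose error pages and of methods a public web app rarely needs to advertise.
VERBOSE_ERROR = re.compile(r"Traceback|Exception|SQLSTATE|ORA-\d{5}|Apache/\d|nginx/\d")
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status code, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = [(n.strip().lower(), v.strip()) for n, _, v in (h.partition(":") for h in header_lines)]
    return int(status_line.split()[1]), headers, body

def check_cookies(headers):
    """Item 07: every Set-Cookie should carry both the Secure and HttpOnly flags."""
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            cookie, *attrs = value.split(";")
            missing = {"secure", "httponly"} - {a.strip().lower() for a in attrs}
            if missing:
                findings.append(f"cookie {cookie.split('=')[0]} missing {sorted(missing)}")
    return findings

def check_methods(headers):
    """Item 11: the Allow header of an OPTIONS reply should not advertise risky methods."""
    exposed = sorted(RISKY_METHODS & {m.strip().upper() for n, v in headers if n == "allow" for m in v.split(",")})
    return [f"unexpected methods allowed: {exposed}"] if exposed else []

def check_error_page(status, body):
    """Item 10: 4xx/5xx bodies should stay generic, with no stack traces or server versions."""
    return [f"verbose error detail in {status} response"] if status >= 400 and VERBOSE_ERROR.search(body) else []

def check_directory_listing(body):
    """Item 20: an auto-generated index page means directory browsing is enabled."""
    return ["directory browsing enabled"] if re.search(r"Index of /|Directory listing for", body, re.I) else []

def audit(raw):
    # Run every check against one raw response and return the combined list of findings.
    status, headers, body = parse_response(raw)
    return check_cookies(headers) + check_methods(headers) + check_error_page(status, body) + check_directory_listing(body)
```

Run `audit()` over each recorded response; an empty list means that response passes the four checks, and each finding names the checklist item's evidence so it can be tracked to a fix.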

For more information visit Hacker Combat.

THANK YOU!