
Published on December 21st, 2017

Web Hacking: Become a Pentester – Lecture 49: Assessment Checklist

In this video I show you the assessment checklist I use for web application assessments.

This is a preview lecture from my online web hacking training called Web Hacking: Become a Pentester.

Check out the full course: http://aetherlab.net/y/ho

My blog: http://aetherlab.net
All my trainings: http://hackademy.aetherlab.net

Transcript:

Information Gathering:
- Manual application discovery
- Automated discovery
- Harvesting public information

Session management:
- Session fixation
- Weak session token quality
- Weak session token management
- Weak logout
- Cross-site request forgery
- Weak CORS
- Session token protection
- No session timeout
- Session encryption (SSL/TLS)
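
Two of the session-management items above (session token protection and weak session token quality) can be checked with a few lines of code before any tooling is involved. The following is an added example written for this page, not code from the course or from aetherlab.net; the Set-Cookie headers and the token samples are constructed for illustration and do not come from any real application. Cookie attributes are read from the raw Set-Cookie value, and token quality is estimated from a handful of freshly issued tokens: per-character entropy, positions that never change across the sample, and counter-like increments when the token is read as hex.

```python
"""Added example: cookie attribute review and a rough session-token
quality estimate (not part of the original lecture)."""
import math
from collections import Counter

# Constructed sample headers (not captured from any real application).
WEAK_SET_COOKIE = "JSESSIONID=0000ab12cd34; Path=/; Max-Age=7200"
HARDENED_SET_COOKIE = (
    "JSESSIONID=3f9a1c77e0b4d2a8; Path=/; Secure; HttpOnly; SameSite=Lax"
)

# Constructed token samples: four from a hypothetical counter-based
# generator, six from a hypothetical CSPRNG-backed generator.
WEAK_TOKENS = ["0000ab12cd34", "0000ab12cd35", "0000ab12cd36", "0000ab12cd37"]
STRONG_TOKENS = [
    "3f9a1c77e0b4d2a8", "b12e8c05f7a93d46", "7d40e6b9c2f1a583",
    "e8c3527a1d9f0b64", "19f6b3e4d08c7a25", "c5a7d9f0268e1b3d",
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def cookie_findings(header):
    """Checklist items the session cookie fails (empty list = all present)."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: token may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: token readable by script (XSS)")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: weak CSRF protection")
    return findings


def token_quality(tokens):
    """Cheap red flags for a sample of freshly issued session tokens.

    Character entropy alone says little (a hex counter looks fairly
    uniform), so it is combined with two structural checks: positions
    that never change across the sample, and values that increment
    like a counter when the token is read as a hex integer."""
    joined = "".join(tokens)
    total = len(joined)
    bits_per_char = -sum(
        (c / total) * math.log2(c / total) for c in Counter(joined).values()
    )
    length = min(len(t) for t in tokens)
    fixed_positions = [i for i in range(length) if len({t[i] for t in tokens}) == 1]
    try:
        values = [int(t, 16) for t in tokens]
        sequential = all(b - a == 1 for a, b in zip(values, values[1:]))
    except ValueError:
        sequential = False
    # Only the varying positions contribute anything guessable-resistant.
    effective_bits = bits_per_char * (length - len(fixed_positions))
    return {
        "bits_per_char": round(bits_per_char, 2),
        "fixed_positions": fixed_positions,
        "sequential": sequential,
        "effective_bits": round(effective_bits, 1),
    }


if __name__ == "__main__":
    print(cookie_findings(WEAK_SET_COOKIE))
    print(token_quality(WEAK_TOKENS))
    print(token_quality(STRONG_TOKENS))
```

The token check is a screening step, not a proof: a sample that passes it can still come from a predictable generator (a seeded PRNG, for instance), which is why the checklist item reads "weak session token quality" rather than "measured entropy". Collect the sample by logging in repeatedly in quick succession, since time-based generators reveal themselves that way.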

Authentication:
- Password strength enforcement
- Authentication bypass
- Unauthenticated URL access
- Password brute force
- Default account

Authorization:
- Insecure authorization design
- Only client side authorization
- Variable manipulation
- Direct access to resources

Client side attacks:
- Reflected XSS
- Stored XSS
- DOM based XSS
- Wrong content-type
- HTTP header injection
- Malicious URL redirect
- Clickjacking
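
For the reflected/DOM XSS and wrong content-type items, the first thing a tester wants to know is where a probe string comes back and whether it was encoded on the way. The following is an added example for this page, not code from the course: it takes a constructed search-results page (the canary string, the page markup and the header dictionaries are all made up for illustration) and classifies every reflection of the canary by context (text, attribute, script) and by whether it came back raw or HTML-encoded, then applies a content-type check to a response.

```python
"""Added example: reflection-context triage for XSS and a content-type
check (not part of the original lecture)."""
import html
import re

# A canary that cannot occur by accident and carries the characters whose
# treatment decides exploitability: single quote, double quote, < and >.
CANARY = "zq9x'\"<>"

# Constructed response to a request like ?q=zq9x'"<> (not a real site).
SAMPLE_SEARCH_PAGE = (
    "<html><body>"
    "<h1>Results for zq9x&#x27;&quot;&lt;&gt;</h1>"   # HTML-encoded in text: safe
    "<input name=\"q\" value=\"zq9x'\"<>\">"          # raw inside an attribute
    "<script>var q = \"zq9x'\"<>\";</script>"         # raw inside a script block
    "</body></html>"
)


def reflection_contexts(body, canary=CANARY):
    """Every reflection of the canary as (context, 'raw' | 'encoded').

    A raw reflection inside an attribute or script block is the one to
    chase; an HTML-encoded reflection in text is the server doing its job.
    Context is decided from the markup preceding the match: an open
    <script> without a later </script> means script, an unclosed '<'
    means inside a tag (attribute), anything else is text."""
    encoded = html.escape(canary, quote=True)
    pattern = re.compile(re.escape(canary) + "|" + re.escape(encoded))
    found = []
    for m in pattern.finditer(body):
        before = body[:m.start()].lower()
        if before.rfind("<script") > before.rfind("</script"):
            context = "script"
        elif before.rfind("<") > before.rfind(">"):
            context = "attribute"
        else:
            context = "text"
        found.append((context, "raw" if m.group(0) == canary else "encoded"))
    return found


def content_type_finding(headers, body):
    """'Wrong content-type' check on one response.

    A body the browser could interpret as HTML has to be labelled
    correctly, otherwise content sniffing turns a JSON or text endpoint
    that echoes user input into an XSS sink."""
    ctype = headers.get("Content-Type", "").lower()
    stripped = body.lstrip()
    if stripped.startswith(("{", "[")) and "application/json" not in ctype:
        return f"JSON body served as {ctype or 'no Content-Type'}"
    if "text/html" in ctype and "charset=" not in ctype:
        return "text/html without an explicit charset"
    if "x-content-type-options" not in {k.lower() for k in headers}:
        return "no X-Content-Type-Options: nosniff header"
    return None


if __name__ == "__main__":
    for context, state in reflection_contexts(SAMPLE_SEARCH_PAGE):
        print(f"{state:8} reflection in {context} context")
    print(content_type_finding({"Content-Type": "text/html"}, '{"user": "<b>x</b>"}'))
```

The context classifier is deliberately simple (it does not parse HTML and treats a reflection inside a script tag's own attributes as script context); it is meant to tell you which of the three cases to hand-verify, not to declare a page exploitable. Whether a raw attribute reflection is exploitable still depends on which quote character the server left alone, which is why the canary carries both.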

Server side attacks:
- LFI
- RFI
- XML External Entity injection
- OS command injection
- SQL injection
- Malicious file upload
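
The LFI item is easiest to understand from the code on the other side. The following is an added example written for this page, not code from the course or from any real application: a file-serving routine that joins a user-supplied name onto the web root (the vulnerable pattern), next to a hardened version that canonicalises the path first and refuses anything that resolves outside the root. The throwaway directory tree and the "secret.conf" file are constructed by the demo itself so it runs offline.

```python
"""Added example: local file inclusion, vulnerable routine beside the
hardened one (not part of the original lecture)."""
import os
import tempfile


def serve_file_vulnerable(web_root, requested):
    """Vulnerable: the user-controlled name is joined onto the web root.
    '../' climbs out of web_root, and an absolute path replaces it
    outright (os.path.join drops web_root when the second part is absolute)."""
    path = os.path.join(web_root, requested)
    with open(path, "rb") as fh:
        return fh.read()


def serve_file_hardened(web_root, requested):
    """Hardened: canonicalise first (symlinks and '..' resolved), then
    require the result to sit below the canonical web root. Rejecting
    based on the resolved path, not on the request string, is what stops
    encoding tricks and symlink detours."""
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {requested!r}")
    with open(candidate, "rb") as fh:
        return fh.read()


def demo():
    """Build a constructed tree (not a real deployment), fire a traversal
    payload and an absolute-path payload at both routines, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "public")
        os.makedirs(web_root)
        with open(os.path.join(web_root, "index.html"), "wb") as fh:
            fh.write(b"<h1>hello</h1>")
        secret = os.path.join(tmp, "secret.conf")  # outside the web root
        with open(secret, "wb") as fh:
            fh.write(b"db_password=hunter2")

        leaked = serve_file_vulnerable(web_root, "../secret.conf")
        try:
            serve_file_hardened(web_root, "../secret.conf")
            blocked = False
        except PermissionError:
            blocked = True
        try:
            serve_file_hardened(web_root, secret)  # absolute path payload
            absolute_blocked = False
        except PermissionError:
            absolute_blocked = True
        legitimate = serve_file_hardened(web_root, "index.html")
    return {
        "leaked": leaked,
        "blocked": blocked,
        "absolute_blocked": absolute_blocked,
        "legitimate": legitimate,
    }


if __name__ == "__main__":
    print(demo())
```

When testing a real target, the payloads to vary are the ones this check is built to resist: plain "../" sequences, URL-encoded and double-encoded forms, and absolute paths. RFI is the same item with a remote URL in place of the local name and depends on the runtime being willing to fetch it, so test it separately.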

Business logic attacks:
- Malware upload
- Enabling debug mode
- User lockout
- Weak process design

Information Disclosure:
- Backup files
- Leaking stack traces
- Comments
- Path disclosure
- Directory listing
- Credentials sent to the browser
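
Most of the information-disclosure items are things a tester notices while reading responses, which makes them a good fit for a small set of response-body patterns. The following is an added example for this page, not code from the course: a handful of regular expressions for stack traces, path disclosure, directory listings, developer comments and credentials in responses, run over four constructed response bodies (none captured from a real site), plus a generator for the backup-file names worth probing next to a known resource.

```python
"""Added example: response-body checks for the information-disclosure
items and a backup-file name generator (not part of the original lecture)."""
import re

DISCLOSURE_PATTERNS = {
    "stack trace": re.compile(
        r"Traceback \(most recent call last\)"      # Python
        r"|\bat [\w$.]+\(\w+\.java:\d+\)"           # Java
        r"|Stack trace:\s*#0 "                      # PHP
    ),
    "path disclosure": re.compile(
        r"/(?:var|home|usr|opt|srv)/[\w./-]+"       # Unix absolute paths
        r"|[A-Z]:\\(?:[\w .-]+\\)+[\w .-]+"         # Windows absolute paths
    ),
    "directory listing": re.compile(
        r"<title>Index of /|Directory Listing For", re.I
    ),
    "developer comment": re.compile(
        r"<!--.*?\b(?:TODO|FIXME|debug|password|hack)\b.*?-->", re.I | re.S
    ),
    "credential in response": re.compile(
        r"(?:password|passwd|api[_-]?key|secret)[\"']?\s*[=:]\s*[\"']?[^\s\"'<,}]{4,}",
        re.I,
    ),
}

# Constructed sample responses (not captured from any real application).
SAMPLE_RESPONSES = {
    "error page": (
        "<html><body><pre>Traceback (most recent call last):\n"
        "  File \"/var/www/app/views.py\", line 42, in profile\n"
        "KeyError: 'user_id'</pre></body></html>"
    ),
    "listing": (
        "<html><head><title>Index of /backup</title></head>"
        "<body><a href=\"db.sql.gz\">db.sql.gz</a></body></html>"
    ),
    "home": (
        "<html><head><!-- TODO: remove debug login: admin / Passw0rd! --></head>"
        "<body>Welcome</body></html>"
    ),
    "api": '{"status": "ok", "config": {"db_password": "hunter2", "db_host": "10.0.0.5"}}',
}

BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".tmp", "~", ".1")


def scan_response(body):
    """Checklist categories a single response body trips, sorted by name."""
    return sorted(name for name, rx in DISCLOSURE_PATTERNS.items() if rx.search(body))


def scan_all(responses):
    """Run scan_response over a {label: body} mapping."""
    return {label: scan_response(body) for label, body in responses.items()}


def backup_candidates(url_path):
    """Names worth probing for the 'backup files' item next to a known
    resource: copy suffixes left by hand deployments plus editor files."""
    name = url_path.rsplit("/", 1)[-1]
    prefix = url_path[: len(url_path) - len(name)]
    candidates = [prefix + name + suffix for suffix in BACKUP_SUFFIXES]
    candidates.append(prefix + "." + name + ".swp")  # vim swap file
    candidates.append(prefix + "#" + name + "#")     # emacs autosave
    return candidates


if __name__ == "__main__":
    for label, hits in scan_all(SAMPLE_RESPONSES).items():
        print(f"{label:12} -> {hits}")
    print(backup_candidates("/admin/config.php"))
```

The patterns are intentionally loose and will produce false positives on prose that happens to mention a path or the word "secret"; the point is to flag responses for a human to read, not to file findings automatically. The "credentials sent to the browser" item in particular is often found in JSON that the front end never displays, so run the scan over API responses as well as rendered pages.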
