Web App #Penetration Testing for Beginners:

CYBER | TECH | LIFE - INFORMATION TECHNOLOGY VIDEOS Free Infosec and cybersecurity articles. To submit your articles please drop mail on contact@cyberbruharmy.in!

1. Testing for browser cache weaknesses // Assessing Authentication Schemes // Web App Penetration

2. Testing for account enumeration and guessable accounts // Assessing Authentication Schemes

3. Testing for weak lock-out mechanisms // Assessing Authentication Schemes // Web App Penetration

4. Account provisioning process via REST API // Assessing Authentication Schemes // Web App Penetration

5. Bypassing authentication schemes // Assessing Authentication Schemes // Web App Penetration

6. Testing for directory traversal // Directory traversal // OWASP Mutillidae

7. Assessing Authorization Checks // Local File Include (LFI) // OWASP Mutillidae

8. Assessing Authorization Checks // Remote File Inclusion (RFI) // OWASP Mutillidae

9. Assessing Authorization Checks // Privilege escalation // OWASP Mutillidae

10. Assessing Authorization Checks // Insecure Direct Object Reference (IDOR) // OWASP Mutillidae

11. Testing session token strength using Sequencer // Assessing Session Management Mechanisms

12. Testing for cookie attributes // Assessing Session Management Mechanisms

13. Testing for session fixation // Assessing Session Management Mechanisms

14. Testing for exposed session variables // Assessing Session Management Mechanisms

15. Testing for Cross-Site Request Forgery // Assessing Session Management Mechanisms

16. Business logic data validation // Assessing Business Logic

17. Unrestricted file upload — bypassing weak validation // Assessing Business Logic

18. Performing process-timing attacks // Assessing Business Logic

19. Circumvention of work flows // Assessing Business Logic

21. Uploading malicious files — polyglots // Assessing Business Logic

22. Testing for reflected cross-site scripting // Evaluating Input Validation Checks

23. Testing for stored cross-site scripting // Evaluating Input Validation Checks

Web App Penetration Testing Tutorials

Assessing Authentication Schemes // bugbounty

Assessing Authorization Checks

[CyberBruhArmy](https://www.youtube.com/CyberBruhArmy?sub_confirmation=1)

OWASP Mutillidae LAB

https://twitter.com/cyberbruharmy

[Join the Firewall Discord Server](https://discord.com/invite/8Uz7ArN)
