1. Testing for browser cache weaknesses // Assessing Authentication Schemes // Web App Penetration
2. Testing for account enumeration and guessable accounts // Assessing Authentication Schemes
3. Testing for weak lock-out mechanisms // Assessing Authentication Schemes // Web App Penetration
4. Account provisioning process via REST API // Assessing Authentication Schemes // Web App Penetration
5. Bypassing authentication schemes // Assessing Authentication Schemes // Web App Penetration
6. Testing for directory traversal // Directory traversal // OWASP Mutillidae
7. Assessing Authorization Checks // Local File Include (LFI) // OWASP Mutillidae
8. Assessing Authorization Checks // Remote File Inclusion (RFI) // OWASP Mutillidae
9. Assessing Authorization Checks // Privilege escalation // OWASP Mutillidae
10. Assessing Authorization Checks // Insecure Direct Object Reference (IDOR) // OWASP Mutillidae
11. Testing session token strength using Sequencer // Assessing Session Management Mechanisms
12. Testing for cookie attributes // Assessing Session Management Mechanisms
13. Testing for session fixation // Assessing Session Management Mechanisms
14. Testing for exposed session variables // Assessing Session Management Mechanisms
15. Testing for Cross-Site Request Forgery // Assessing Session Management Mechanisms
16. Business logic data validation // Assessing Business Logic
17. Unrestricted file upload — bypassing weak validation // Assessing Business Logic
18. Performing process-timing attacks // Assessing Business Logic
19. Circumvention of work flows // Assessing Business Logic
21. Uploading malicious files — polyglots // Assessing Business Logic
22. Testing for reflected cross-site scripting // Evaluating Input Validation Checks
23. Testing for stored cross-site scripting // Evaluating Input Validation Checks
Web App Penetration Testing Tutorials
Assessing Authentication Schemes // bugbounty
Assessing Authorization Checks
OWASP Mutillidae LAB