# Web App #Penetration Testing for Beginners:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1688280148594/7c359947-8774-461d-9f2e-71165db55589.png)

1.Testing for browser cache weaknesses // Assessing Authentication Schemes // Web App Penetration

<iframe src="https://www.youtube.com/embed/MIUSF1eFM44?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

2\. Testing for account enumeration and guessable accounts // Assessing Authentication Schemes

<iframe src="https://www.youtube.com/embed/qoMHKd4B1aA?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

3\. Testing for weak lock-out mechanisms // Assessing Authentication Schemes // Web App Penetration

<iframe src="https://www.youtube.com/embed/mOkMXMgpC00?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

4\. Account provisioning process via REST API // Assessing Authentication Schemes // Web App Penetration

<iframe src="https://www.youtube.com/embed/rpNIxcRwTzI?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

5\. Bypassing authentication schemes // Assessing Authentication Schemes // Web App Penetration

<iframe src="https://www.youtube.com/embed/mi5DdMmI8go?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

6\. Testing for directory traversal // Directory traversal // OWASP Mutillidae

<iframe src="https://www.youtube.com/embed/JjEfbTCwSPg?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

7\. Assessing Authorization Checks // Local File Include (LFI) // OWASP Mutillidae

<iframe src="https://www.youtube.com/embed/BiXKOzBOMKQ?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

8\. Assessing Authorization Checks // Remote File Inclusion (RFI) // OWASP Mutillidae

<iframe src="https://www.youtube.com/embed/wBEqofd5XyI?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

9\. Assessing Authorization Checks // Privilege escalation // OWASP Mutillidae

<iframe src="https://www.youtube.com/embed/2cJ-4aJcjYY?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

10\. Assessing Authorization Checks // Insecure Direct Object Reference (IDOR) // OWASP Mutillidae

<iframe src="https://www.youtube.com/embed/SlsEYuMNHN8?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

11\. Testing session token strength using Sequencer // Assessing Session Management Mechanisms

<iframe src="https://www.youtube.com/embed/VqPMd4ukXPQ?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

12\. Testing for cookie attributes // Assessing Session Management Mechanisms

<iframe src="https://www.youtube.com/embed/jVqUYgl6qXo?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

13\. Testing for session fixation // Assessing Session Management Mechanisms

<iframe src="https://www.youtube.com/embed/IoPsMqs61nA?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

14\. Testing for exposed session variables // Assessing Session Management Mechanisms

<iframe src="https://www.youtube.com/embed/fiUIVLKe8vY?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

15\. Testing for Cross-Site Request Forgery // Assessing Session Management Mechanisms

<iframe src="https://www.youtube.com/embed/KLhhzcdKGkI?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

16\. Business logic data validation // Assessing Business Logic

<iframe src="https://www.youtube.com/embed/aPxlDDxcjlw?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

17\. Unrestricted file upload — bypassing weak validation // Assessing Business Logic

<iframe src="https://www.youtube.com/embed/LLwtC2SJw6g?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

18\. Performing process-timing attacks // Assessing Business Logic

<iframe src="https://www.youtube.com/embed/Jl21i39A8A0?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

19\. Circumvention of work flows // Assessing Business Logic

<iframe src="https://www.youtube.com/embed/UKcOYKWOxpI?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

21\. Uploading malicious files — polyglots // Assessing Business Logic

<iframe src="https://www.youtube.com/embed/mLGfnMTkyFU?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

22\. Testing for reflected cross-site scripting // Evaluating Input Validation Checks

<iframe src="https://www.youtube.com/embed/BzMpuMmSH7I?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

23\. Testing for stored cross-site scripting // Evaluating Input Validation Checks

<iframe src="https://www.youtube.com/embed/0KT5GDvdp6c?feature=oembed" width="700" height="393" frameborder="0" scrolling="no"></iframe>

### [Web App Penetration Testing Tutorials](https://www.youtube.com/playlist?list=PL8PnAf11sThVqeqptNmF9vSZ9tRvaeQtX)

### [Assessing Authentication Schemes // bugbounty](https://www.youtube.com/playlist?list=PL8PnAf11sThWGlRpZsMPdNsrfoDoRsY9b)

### [Assessing Authorization Checks](https://www.youtube.com/playlist?list=PL8PnAf11sThWLY-IzjEljXC3t1ZNREigS)

[**CyberBruhArmy**  
*CYBER | TECH | LIFE - INFORMATION TECHNOLOGY VIDEOS Free Infosec and cybersecurity training. 📱Social Media📱 & ❓Info❓…*www.youtube.com](https://www.youtube.com/CyberBruhArmy?sub_confirmation=1 "https://www.youtube.com/CyberBruhArmy?sub_confirmation=1")[](https://www.youtube.com/CyberBruhArmy?sub_confirmation=1)

### [OWASP Mutillidae LAB](https://www.youtube.com/playlist?list=PL8PnAf11sThW12FAS3vMFh4HScehrNUe6)

[https://twitter.com/cyberbruharmy](https://twitter.com/cyberbruharmy)

[**Join the Firewall Discord Server!**  
*Check out the Firewall community on Discord - hang out with 55 other members and enjoy free voice and text chat.*discord.com](https://discord.com/invite/8Uz7ArN "https://discord.com/invite/8Uz7ArN")[](https://discord.com/invite/8Uz7ArN)
