README.md

Web-Application-Pentest

Web Application Penetration testing is the process of using penetration testing techniques on a web application to detect its vulnerabilities. It is similar to a penetration test and aims to break into the web application using any penetration attacks or threats.

Web Application Penetration testing works by using manual or automated penetration tests to identify any vulnerability, security flaws or threats in a web application. The tests involve using/implementing any of the known malicious penetration attacks on the application.

Following Steps we need to perform for Penetration Testing:

• Recon Phase

• Injections

  • X-PATH Injection

  • Server Side Code Injection

  • Server Side Template Injection

  • OS-Command Injection

  • SQL-Injection

  • LDAP-Injection

  • CodeInjection

  • HTTP Host Header Injection

  • HTML Injection

    • Stored HTML Injection
    • Reflected HTML Injection
      • Reflected GET
      • Reflected POST
      • Reflected URL

  • Email-Header Injection

  • CRLF Injection

• Broken Authentication

  • Authentication Bypass

    • Direct Page Request
      • Forced Browsing
      • Predictable Resource Location
      • Accessing Common Files and Directories
    • Parameter Modification
    • Session ID Prediction
    • SQL Injections

  • Authentication Bypass using SQL Injections

  • Default Credentials

    • Testing for Vendor Default Credentials
    • Testing for Organization Default Passwords
    • Testing for Application Generated Default Passwords

  • Failure to Invalid Session after Password Change

• Session Management

• Cross Site Scripting (XSS)

• Insecure direct object references (IDOR)

• Missing Function-Level Access Control