WebHacking

Task Checklist

Recon and analysis

  • Harvesting public information
  • Automated discovery
  • Automated application discovery

Session management

  • Session fixation
  • Weak session token quality
  • Weak session token management
  • Weak logout
  • Cross-site request forgery
  • Weak CORS policy
  • Session token protection
  • No session timeout
  • Session encryption (SSL/TLS)
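An offline pass over the session-management items above (session token protection, weak session token quality, weak CORS policy), written as an added example for this checklist and not taken from the WebHacking repository. It takes the header list of one response, as you would copy it out of the proxy's response pane, and reports what a tester would otherwise judge by eye. The two sample responses and the hosts `attacker.example` / `app.example` are constructed for the example; the Shannon estimate is a coarse single-token screen, not a replacement for collecting thousands of tokens with Burp Sequencer.

```python
import math
import re
from collections import Counter

# Constructed sample responses; neither was captured from a real target.
# WEAK_HEADERS fails the checklist items, HARDENED_HEADERS is the same app fixed.
WEAK_HEADERS = [
    ("Set-Cookie", "JSESSIONID=user123_20240101; Path=/"),
    ("Access-Control-Allow-Origin", "https://attacker.example"),
    ("Access-Control-Allow-Credentials", "true"),
]
HARDENED_HEADERS = [
    ("Set-Cookie", "sid=3f9a1c7e5b2d8f0a6c4e9b1d7a3f5c2e; Path=/; "
                   "Secure; HttpOnly; SameSite=Lax"),
    ("Access-Control-Allow-Origin", "https://app.example"),
    ("Access-Control-Allow-Credentials", "true"),
]


def cookie_findings(set_cookie):
    """Session token protection: flag a Set-Cookie value that lacks the
    attributes keeping the token off plain HTTP, away from injected script,
    and out of cross-site requests."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.lower()] = val.lower()
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, token is sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, token readable by injected script")
    if attrs.get("samesite", "none") == "none":
        findings.append(f"{name}: SameSite absent or None, browser adds no CSRF protection")
    return findings


def estimated_bits(token):
    """Weak session token quality: Shannon entropy of the characters in one
    token times its length. Coarse, but a token that fails this already fails."""
    n = len(token)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(token).values())
    return per_char * n


def token_findings(token, min_bits=64):
    findings = []
    bits = estimated_bits(token)
    if bits < min_bits:
        findings.append(f"token {token!r}: ~{bits:.0f} bits estimated, below {min_bits}")
    if re.search(r"\d{8}", token):
        findings.append(f"token {token!r}: contains an 8-digit run, likely a date or timestamp")
    return findings


def cors_findings(lookup, probe_origin):
    """Weak CORS: Allow-Origin echoing the Origin we sent, combined with
    Allow-Credentials, lets any site read authenticated responses."""
    acao = lookup.get("access-control-allow-origin", "")
    creds = lookup.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao == probe_origin and creds:
        findings.append(f"CORS reflects foreign origin {probe_origin} with credentials")
    elif acao == "null" and creds:
        findings.append("CORS allows the 'null' origin with credentials (sandboxed iframes)")
    elif acao == "*" and creds:
        findings.append("CORS '*' with credentials: browsers refuse it, policy is still wrong")
    return findings


def audit(headers, probe_origin="https://attacker.example"):
    """Run every check over one response; probe_origin is the Origin header
    the request carried to test for reflection."""
    lookup = {name.lower(): value for name, value in headers}
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            findings += cookie_findings(value)
            token = value.split(";", 1)[0].partition("=")[2]
            findings += token_findings(token)
    findings += cors_findings(lookup, probe_origin)
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit(hdrs) or ["no findings"])
```

The CORS check only fires on the exact origin you sent, so run it twice: once with an arbitrary foreign origin, once with `null`, since some servers whitelist the latter while rejecting the former.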

Authentication

  • Password strength enforcement
  • Authentication bypass
  • Unauthenticated URL access
  • Password brute force
  • Default account (admin)

Authorization

  • Insecure authorization design
  • Client-side-only authorization
  • Variable manipulation
  • Direct access to resources
  • IDOR

Client side attacks

  • Reflected XSS
  • Stored XSS
  • DOM based XSS
  • Wrong Content-Type
  • HTTP header injection
  • Malicious URL redirect
  • Clickjacking
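The same idea for the client-side items above (wrong Content-Type, HTTP header injection, malicious URL redirect, clickjacking): an added example, not code from the repository, that reads one probe response and reports which checks failed. It assumes the probe request carried a reflected parameter containing `x%0d%0aX-Inj-Marker: 1` and a redirect parameter set to `//attacker.example/phish`; both sample responses and the hosts are constructed.

```python
from urllib.parse import urlsplit

PROBE_HOST = "attacker.example"   # host we supplied in the redirect parameter
MARKER_HEADER = "x-inj-marker"    # header name we tried to inject via CRLF

# Constructed sample responses, not captured from a real target.
VULNERABLE = {
    "headers": [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Location", "//attacker.example/phish"),
        ("X-Inj-Marker", "1"),
    ],
    "body": '{"user": "<script>alert(1)</script>"}',
}
HARDENED = {
    "headers": [
        ("Content-Type", "application/json; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Security-Policy", "frame-ancestors 'none'"),
        ("Location", "https://app.example/home"),
    ],
    "body": '{"user": "alice"}',
}


def clickjacking_findings(lookup):
    """Clickjacking: framable unless CSP frame-ancestors or X-Frame-Options
    DENY/SAMEORIGIN is set. ALLOW-FROM is obsolete, so it counts as absent."""
    if "frame-ancestors" in lookup.get("content-security-policy", "").lower():
        return []
    if lookup.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return []
    return ["framable: no CSP frame-ancestors and no X-Frame-Options DENY/SAMEORIGIN"]


def content_type_findings(lookup, body):
    """Wrong Content-Type: a JSON body labelled text/html is rendered as a
    page, so reflected input in it becomes XSS; missing nosniff lets the
    browser guess a type the server never intended."""
    ctype = lookup.get("content-type", "").lower()
    findings = []
    if body.lstrip().startswith(("{", "[")) and "json" not in ctype:
        findings.append(f"JSON body served as {ctype or 'no Content-Type'}: rendered as HTML")
    if lookup.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings


def header_injection_findings(headers):
    """HTTP header injection: if the CRLF in the probe terminated the header
    the server was writing, our marker shows up as a header of its own."""
    if any(name.lower() == MARKER_HEADER for name, _ in headers):
        return ["CRLF injection: probe text became a response header"]
    return []


def redirect_findings(lookup):
    """Malicious URL redirect: Location follows the host we supplied. urlsplit
    resolves the protocol-relative //host/ and the user@host forms too, which
    are the usual filter bypasses."""
    host = urlsplit(lookup.get("location", "")).hostname or ""
    if host == PROBE_HOST:
        return [f"open redirect: Location points at {host}"]
    return []


def audit_response(resp):
    lookup = {name.lower(): value for name, value in resp["headers"]}
    return (clickjacking_findings(lookup)
            + content_type_findings(lookup, resp["body"])
            + header_injection_findings(resp["headers"])
            + redirect_findings(lookup))


if __name__ == "__main__":
    print("vulnerable:", audit_response(VULNERABLE))
    print("hardened:", audit_response(HARDENED) or ["no findings"])
```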

Miscellaneous tests

  • LFI/RFI
  • SSRF
  • XML external entity injection
  • OS command injection
  • SQL injection
  • Malicious file upload

Information disclosure

  • Backup files
  • Leaking stack traces
  • Comments
  • Path disclosure
  • Directory listing
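For the information-disclosure items above (backup files, stack traces, comments, path disclosure, directory listing) an added example, not from the repository: a pattern scan you run over saved response bodies, plus the list of backup names to request for a file you already know exists. The two sample pages are constructed; the application and paths in them are invented for the example.

```python
import re

# Constructed sample responses, not captured from a real target.
ERROR_PAGE = """<html><!-- TODO: remove debug login admin/Passw0rd before release --><body>
<h1>Internal Server Error</h1>
<pre>java.lang.NullPointerException
\tat com.example.shop.CartController.checkout(CartController.java:142)
\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:750)</pre>
<p>Config loaded from /var/www/shop/WEB-INF/config.properties</p>
</body></html>"""

LISTING_PAGE = ('<html><head><title>Index of /backup</title></head>'
                '<body><a href="config.php.bak">config.php.bak</a></body></html>')

PATTERNS = {
    "java stack trace": re.compile(r"^\s*at [\w.$]+\([\w.]+\.java:\d+\)", re.M),
    "python traceback": re.compile(r"Traceback \(most recent call last\):"),
    "php error": re.compile(r"(?:Fatal error|Warning|Notice): .*? in \S+\.php on line \d+"),
    "unix path": re.compile(r"(?<![\w/])/(?:var|etc|home|opt|srv|usr)/[\w./-]+"),
    "windows path": re.compile(r"\b[A-Za-z]:\\(?:[\w.-]+\\)*[\w.-]+"),
    "directory listing": re.compile(r"<title>\s*Index of /|Directory listing for /", re.I),
    "html comment": re.compile(r"<!--(.*?)-->", re.S),
}
# Only comments mentioning one of these are worth a finding; the rest is noise.
COMMENT_KEYWORDS = ("todo", "fixme", "debug", "password", "passw", "admin", "key", "internal")


def scan(body):
    """Return {category: [matched snippets]} for every leak pattern that
    fires on a response body."""
    findings = {}
    for category, pattern in PATTERNS.items():
        hits = []
        for m in pattern.finditer(body):
            text = m.group(1) if category == "html comment" else m.group(0)
            if category == "html comment" and not any(
                    k in text.lower() for k in COMMENT_KEYWORDS):
                continue
            hits.append(text.strip()[:80])
        if hits:
            findings[category] = hits
    return findings


BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".tmp", "~", ".1", ".zip", ".tar.gz")


def backup_candidates(path):
    """Backup files: names to request for a known file (editor swap and tilde
    files, admin .bak/.old copies, archives of the stem). Confirm a hit by
    comparing against a request for a random name, since many servers answer
    200 for anything."""
    directory, _, name = path.rpartition("/")
    prefix = directory + "/" if directory else ""
    candidates = [f"{prefix}{name}{s}" for s in BACKUP_SUFFIXES]
    candidates.append(f"{prefix}.{name}.swp")   # vim swap file
    candidates.append(f"{prefix}#{name}#")      # emacs autosave
    stem = name.rsplit(".", 1)[0]
    if stem != name:
        candidates += [f"{prefix}{stem}.bak", f"{prefix}{stem}.zip"]
    return candidates


if __name__ == "__main__":
    for label, page in (("error page", ERROR_PAGE), ("listing", LISTING_PAGE)):
        print(label, scan(page))
    print(backup_candidates("/admin/config.php"))
```

Stack-trace and path patterns are deliberately narrow (known frameworks, known filesystem roots) so a hit is worth reporting as-is; widen them per target once you know the stack from the recon phase.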

FAQ