CyberSecurity-Vulnerability-CheatSheet 🔐

Introduction 📖

Welcome to the CyberSecurity-Vulnerability-CheatSheet, a comprehensive resource designed for bug bounty hunters, ethical hackers, penetration testers, and cybersecurity professionals. This cheat sheet is your go-to guide for uncovering vulnerabilities in web applications, with structured insights into critical topics and actionable steps for improving web security.

Why Use This CheatSheet? 🤔

🚀 Comprehensive Coverage: Over 100 topics covering web application vulnerabilities, categorized for easy reference.
🔍 For All Skill Levels: Whether you're a beginner or an experienced researcher, this cheat sheet has something for everyone.
🛠️ Actionable Insights: Packed with practical tools, techniques, and real-world examples to help you uncover and exploit security flaws.
📈 Regular Updates: Stay ahead of the curve with the latest security trends and techniques.

Topics in Detail

Wildcard Vulnerabilities 🌀

Discover subdomain enumeration, wildcard DNS misconfigurations, subdomain takeovers, and hidden asset discovery.
Example Tools: Amass, Sublist3r, httpx.

Domain Vulnerabilities 🌐

Explore server misconfigurations, outdated technologies, and DNS record exposures.
Example Tools: Nmap, SecurityTrails, Burp Suite.

Information Gathering 🔍

Learn techniques for discovering endpoints, analyzing HTTP headers, and using tools like Google Dorks and certificate transparency logs.

Configuration Issues ⚙️

Identify improper server configurations, exposed sensitive files, and insecure deployment practices.

Transmission Flaws 🚦

Cover HTTPS misconfigurations, unencrypted data transmissions, and improper token handling.

Authentication Issues 🔐

Find weak passwords, MFA bypasses, and insecure OAuth implementations.

Session Management 🔒

Learn about session fixation, hijacking, token reuse, and cookie attribute misconfigurations.

Authorization Issues 🚨

Discover IDOR, role-based access control bypasses, and privilege escalation vulnerabilities.

Validation Flaws ✅

Master input and output validation, injection vulnerabilities, and insecure data handling techniques.

Denial of Service (DoS) 🛑

Understand resource exhaustion attacks, amplification techniques, and rate-limiting bypasses.

Business Logic Issues 📊

Exploit flaws in workflows, payment systems, and high-risk features for impactful findings.

Cryptography Vulnerabilities 🔏

Learn about weak encryption, JWT misconfigurations, and improper key management practices.

How to Use This CheatSheet 🛠️

Explore Topics: Navigate the topics above to focus on specific vulnerability types.
Leverage Tools: Use tools like Burp Suite, OWASP ZAP, and Nmap alongside this cheat sheet.
Take Notes: Document your findings systematically during your bug bounty or penetration testing process.
Contribute: Share your findings and suggestions to enhance this resource.

Who Is This For? 🎯

Bug Bounty Hunters: Accelerate your bug hunting process with a structured guide.
Penetration Testers: Use this as a checklist for thorough security assessments.
Developers: Secure your web applications by understanding vulnerabilities.
Cybersecurity Enthusiasts: Dive deeper into web application security techniques.

Contributing 🤝

We welcome contributions to improve this repository! Whether it's adding new content, refining examples, or sharing feedback, your input is invaluable. Feel free to open a pull request or create an issue.

License 📜

This repository is licensed under the MIT License. See the LICENSE file for details.

🌟 Let's Connect!

Hello, Hacker! 👋 We'd love to stay connected with you. Reach out to us on any of these platforms and let's build something amazing together:

🌐 Website: https://yogsec.github.io/yogsec/
📜 Linktree: https://linktr.ee/yogsec
🔗 GitHub: https://github.com/yogsec
💼 LinkedIn (Company): https://www.linkedin.com/company/yogsec/
📷 Instagram: https://www.instagram.com/yogsec.io/
🐦 Twitter (X): https://x.com/yogsec
👨‍💼 Personal LinkedIn: https://www.linkedin.com/in/cybersecurity-pentester/
📧 Email: abhinavsingwal@gmail.com

☕ Buy Me a Coffee

If you find our work helpful and would like to support us, consider buying us a coffee. Your support keeps us motivated and helps us create more awesome content. ❤️

☕ Support Us Here: https://buymeacoffee.com/yogsec

Happy Bug Hunting! 🐞🔍
Together, we can make the web a safer place!

Wildcard
Here’s a curated list of 100 topics to help you focus on finding vulnerabilities in wildcards (subdomains or generalized domains) in a structured way. These topics will help you dig deeper into web application vulnerabilities
________________
1-20: Subdomain Enumeration and Analysis
1. Subdomain enumeration with crt.sh and certificate transparency logs.
2. Automated subdomain discovery tools (Amass
3. Brute-forcing subdomains using wordlists.
4. Discovering wildcard DNS misconfigurations.
5. Identifying dead subdomains with httpx or similar tools.
6. Finding dangling DNS records (subdomain takeovers).
7. Investigating CNAME and external service bindings.
8. Discovering hidden subdomains via web archives (Wayback Machine).
9. Analyzing subdomain permutations and typosquats.
10. Checking for subdomains hosted on public cloud providers.
11. Enumerating wildcard subdomains with mass DNS tools.
12. Finding exposed staging
13. Analyzing misconfigured subdomains redirecting to external sites.
14. Reverse IP lookup for wildcard domains.
15. Searching for hidden assets in subdomains (e.g.
16. Examining wildcard responses for directory traversal.
17. Identifying subdomains without HTTPS enforcement.
18. Locating vulnerable subdomains through site leaks (robots.txt
19. Searching GitHub repositories for subdomain-specific secrets.
20. Finding wildcards in third-party JavaScript files.
________________
21-40: Application-Level Vulnerabilities
21. Cross-origin resource sharing (CORS) misconfigurations in subdomains.
22. Cross-site scripting (XSS) on subdomains with wildcard responses.
23. SQL injection in subdomain query parameters.
24. API key leaks via wildcard API subdomains.
25. Subdomain-wide session management issues.
26. Authentication bypass through subdomain misconfigurations.
27. Testing wildcard subdomains for insecure cookie attributes.
28. Privilege escalation between wildcard subdomains.
29. Open redirects in wildcard domains.
30. Insecure file uploads in subdomains.
31. Testing for NoSQL injections on wildcard APIs.
32. Directory indexing on wildcard domains.
33. Sensitive data exposure in wildcard domains (PII
34. Excessive permissions on exposed API endpoints.
35. Rate-limiting bypass on subdomain APIs.
36. Misconfigured error handling revealing stack traces in subdomains.
37. Testing for SSTI (Server-Side Template Injection) in wildcard responses.
38. CSRF vulnerabilities on wildcard subdomains.
39. Checking for default credentials on wildcard services.
40. Testing for improper session termination across wildcard subdomains.
________________
41-60: Wildcard-Specific Infrastructure Weaknesses
41. Misconfigured WAF rules on wildcard subdomains.
42. CDN misconfigurations exposing internal services.
43. Analyzing reverse proxy vulnerabilities on wildcards.
44. Testing for HTTP request smuggling across wildcard subdomains.
45. Cache poisoning attacks on wildcard domains.
46. Discovering unprotected staging or testing environments in wildcards.
47. Testing for prototype pollution vulnerabilities on wildcards.
48. SSRF vulnerabilities in wildcard APIs.
49. Host header injection on wildcard domains.
50. Detecting JWT (JSON Web Token) misconfigurations in wildcard subdomains.
51. Insecure HTTP methods enabled in wildcard responses.
52. Identifying misconfigured Access-Control-Allow-Origin headers.
53. Analyzing exposed internal IPs in wildcard responses.
54. Checking for vulnerable third-party integrations on wildcards.
55. Testing for command injection in subdomain input points.
56. Weak rate-limiting configurations across wildcard subdomains.
57. Identifying unpatched software versions on subdomains.
58. Misconfigured debug or verbose output on subdomains.
59. Analyzing source code repositories linked to wildcards.
60. Testing for sensitive files (.env
________________
61-80: Advanced Attack Vectors
61. Exploiting insecure redirects in wildcard responses.
62. Testing for unvalidated redirects in subdomains.
63. Discovering hidden parameters using wildcard fuzzing.
64. HTTP parameter pollution in wildcard subdomains.
65. Reverse engineering JavaScript files from wildcard APIs.
66. Testing subdomain-specific user authentication flaws.
67. Bypassing input validation across subdomains.
68. Testing for insecure deserialization vulnerabilities.
69. Chaining vulnerabilities across multiple subdomains.
70. Exploiting wildcard subdomain cookie issues.
71. Analyzing local file inclusion (LFI) in wildcard responses.
72. Exploiting remote file inclusion (RFI) in wildcard domains.
73. Analyzing DNS rebinding attacks on wildcard APIs.
74. Checking for FTP or SMTP exposure on wildcard services.
75. Abuse of public-facing debugging tools on wildcards.
76. Testing GraphQL misconfigurations on wildcard subdomains.
77. Finding DOM-based XSS in wildcard JavaScript files.
78. Exploiting insecure cryptographic storage in subdomains.
79. Testing third-party service integrations for insecure configurations.
80. Exploiting CORS preflight requests on subdomain APIs.
________________
81-100: Specialized Vulnerability Hunting
81. Identifying misconfigured cloud services attached to wildcards.
82. Exploiting wildcard subdomains hosted on S3 buckets.
83. Discovering unlinked API endpoints via subdomain brute-forcing.
84. Testing for Cross-Site WebSocket Hijacking (CSWSH).
85. Analyzing session replay attacks across subdomains.
86. Testing for content security policy (CSP) misconfigurations.
87. Abuse of HTTP2 features in wildcard subdomain responses.
88. Leveraging time-based attacks (timing leaks) on wildcards.
89. Testing for padding oracle attacks on subdomain responses.
90. Exfiltrating data via wildcard subdomain DNS channels.
91. Identifying wildcard domains running outdated CMS software.
92. Testing for business logic vulnerabilities in subdomains.
93. Discovering hidden endpoints using fuzzing (Burp Suite
94. Performing differential analysis of HTTP headers in wildcard responses.
95. Abuse of third-party OAuth implementations on subdomains.
96. Chaining OpenID Connect vulnerabilities across wildcards.
97. Exploiting wildcard domains with insufficient transport layer security.
98. Testing for insecure service workers on wildcard subdomains.
99. Analyzing HTTP response splitting vulnerabilities.
100. Abuse of misconfigured DNS TXT records for subdomains.
________________
How to Use This List
1. Prioritize & Automate: Start with tools like Burp Suite
2. Focus Areas: Focus on high-risk items like authentication flaws
3. Chain Vulnerabilities: Look for chaining opportunities (e.g.
4. Manual Testing: Use manual exploration for complex or custom functionality.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Domain
Here's a structured list of 100 topics to guide your bug bounty journey focused on exploring vulnerabilities in a specific domain. These topics cover reconnaissance
________________
1-20: Reconnaissance and Information Gathering
1. WHOIS lookup for domain ownership and DNS information.
2. Identifying domain IP ranges and hosting providers.
3. DNS record enumeration (A
4. Reverse DNS lookup for additional domain insights.
5. Enumerating subdomains for the given domain.
6. Checking SSL/TLS certificates for associated subdomains.
7. Searching historical DNS records using tools like SecurityTrails.
8. Analyzing robots.txt for hidden endpoints.
9. Parsing sitemap.xml for discoverable resources.
10. Checking server response headers for version information.
11. Identifying technologies used with Wappalyzer or BuiltWith.
12. Extracting email addresses linked to the domain.
13. Searching for domain mentions in public code repositories (e.g.
14. Analyzing domain presence in web archives (Wayback Machine).
15. Monitoring social media mentions related to the domain.
16. Searching for exposed API keys or tokens in public repositories.
17. Testing for domain-specific data leaks in pastebin dumps.
18. Using Google Dorks for sensitive file discovery.
19. Examining DNS zone transfers for misconfigurations.
20. Identifying content delivery network (CDN) dependencies.
________________
21-40: Server-Side Vulnerabilities
21. Detecting open ports and services using Nmap.
22. Identifying outdated software versions on the domain.
23. Checking for vulnerable plugins or CMS platforms.
24. Testing for misconfigured HTTP methods (e.g.
25. Analyzing server error pages for stack traces or sensitive information.
26. Scanning for directory indexing vulnerabilities.
27. Searching for sensitive files (e.g.
28. Testing for directory traversal vulnerabilities.
29. Exploiting local file inclusion (LFI) vulnerabilities.
30. Testing for remote file inclusion (RFI) vulnerabilities.
31. Analyzing exposed .DS_Store or other metadata files.
32. Detecting insecure server configurations (e.g.
33. Testing for command injection vulnerabilities.
34. Identifying vulnerable web server configurations (e.g.
35. Exploiting known CVEs affecting the domain’s server software.
36. Checking for HTTP response splitting vulnerabilities.
37. Testing for insecure cross-origin resource sharing (CORS).
38. Exploiting host header injection vulnerabilities.
39. Discovering potential server-side request forgery (SSRF) vectors.
40. Testing for insecure deserialization vulnerabilities.
________________
41-60: Application-Level Vulnerabilities
41. Testing for cross-site scripting (XSS) vulnerabilities.
42. Discovering SQL injection in URL parameters or forms.
43. Testing for NoSQL injection vulnerabilities.
44. Identifying insecure direct object references (IDOR).
45. Analyzing session management issues (e.g.
46. Testing for CSRF vulnerabilities in forms or endpoints.
47. Analyzing improper input validation mechanisms.
48. Exploring hidden parameters with tools like Arjun.
49. Fuzzing input fields for unexpected responses.
50. Identifying business logic flaws in application workflows.
51. Exploiting poorly implemented authentication mechanisms.
52. Testing for open redirect vulnerabilities.
53. Identifying sensitive data exposure via API endpoints.
54. Testing for rate-limiting bypasses in forms or APIs.
55. Analyzing caching mechanisms for sensitive data exposure.
56. Examining custom error messages for sensitive information.
57. Testing multi-step workflows for logical vulnerabilities.
58. Chaining vulnerabilities to escalate impact.
59. Testing for weak password policies in the domain.
60. Exploiting wildcard DNS configurations in application logic.
________________
61-80: API-Specific Vulnerabilities
61. Enumerating API endpoints for domain-related resources.
62. Testing for improper API authentication or token validation.
63. Exploiting over-permissive CORS in API endpoints.
64. Testing for excessive data exposure in API responses.
65. Identifying mass assignment vulnerabilities in API operations.
66. Testing API endpoints for rate-limiting flaws.
67. Identifying broken object-level authorization (BOLA) issues.
68. Testing for broken function-level authorization in APIs.
69. Detecting hidden API parameters with fuzzing tools.
70. Analyzing API documentation for potential flaws.
71. Testing for GraphQL API misconfigurations.
72. Exploiting insecure WebSocket implementations.
73. Checking API responses for hardcoded sensitive data.
74. Testing for session replay attacks in APIs.
75. Identifying API response leaks from development environments.
76. Exploiting verbose error messages in API responses.
77. Testing for JSON injection vulnerabilities.
78. Exploiting insecure pagination mechanisms.
79. Testing for file upload vulnerabilities in API endpoints.
80. Exploring deprecated or unpatched API methods.
________________
81-100: Advanced Techniques and Chaining
81. Exploiting DNS rebinding attacks for domain control.
82. Testing for padding oracle attacks in domain encryption mechanisms.
83. Analyzing custom encryption methods for flaws.
84. Testing for prototype pollution in JavaScript responses.
85. Exploiting insecure deserialization in JSON or XML inputs.
86. Testing for SSTI (Server-Side Template Injection).
87. Exploiting insecure service workers linked to the domain.
88. Performing DNS cache poisoning on public-facing records.
89. Testing for insecure CSP configurations.
90. Chaining CORS and XSS vulnerabilities for broader impact.
91. Exploiting JWT misconfigurations in authentication workflows.
92. Identifying misconfigured OAuth or OpenID Connect flows.
93. Testing for subdomain takeover via dangling records.
94. Exploiting content spoofing vulnerabilities in responses.
95. Detecting session fixation attacks in authentication flows.
96. Leveraging CSWSH (Cross-Site WebSocket Hijacking) vulnerabilities.
97. Testing for HTTP/2-specific vulnerabilities in domain servers.
98. Exploiting multi-factor authentication (MFA) bypass techniques.
99. Performing side-channel timing attacks on sensitive endpoints.
100. Developing custom attack vectors using domain-specific logic.
________________
How to Use This List
1. Prioritize: Begin with reconnaissance to gather information and build an attack surface.
2. Automate: Use tools like Burp Suite
3. Manual Testing: Focus on logical flaws and complex vulnerabilities.
4. Track Progress: Document findings and test areas systematically.
5. Report Properly: Prepare detailed reports for valid vulnerabilities.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Information Gathering
Here’s a curated list of 100 topics specifically for information gathering in web applications
________________
1-20: Domain and Basic Information
1. WHOIS lookup for domain registration details.
2. Identifying IP addresses of the web application.
3. Enumerating DNS records (A
4. Reverse DNS lookup for related IPs.
5. Analyzing SSL/TLS certificates for subdomains.
6. Discovering subdomains using tools like Sublist3r or Amass.
7. Using historical DNS records for domain insights.
8. Examining robots.txt for disallowed directories.
9. Parsing sitemap.xml for indexed URLs.
10. Using Google Dorks to search for sensitive files and endpoints.
11. Checking for publicly exposed directories.
12. Monitoring HTTP headers for server and technology stack information.
13. Identifying CMS or frameworks in use.
14. Analyzing HTTP response codes for clues about functionality.
15. Looking for error pages that expose sensitive details.
16. Enumerating virtual hosts (vhosts).
17. Analyzing shared hosting for neighboring websites.
18. Examining DNS zone transfer for misconfigurations.
19. Mapping the web application using tools like OWASP ZAP.
20. Capturing web application traffic with Burp Suite.
________________
21-40: Technology Stack Identification
21. Identifying backend technologies (PHP
22. Detecting frontend libraries and frameworks (React
23. Enumerating JavaScript files for endpoints and sensitive data.
24. Identifying database technologies used in the backend.
25. Detecting load balancers or reverse proxies.
26. Using Wappalyzer or BuiltWith to enumerate technologies.
27. Checking third-party integrations and analytics tools.
28. Scanning for plugins
29. Monitoring server banners for version information.
30. Checking web application deployment on cloud services.
31. Enumerating CDN providers for static assets.
32. Identifying exposed configuration files (config.php
33. Analyzing HTTP/2 and HTTP/3 adoption for unique headers.
34. Scraping metadata from the web application.
35. Checking for hardcoded API keys in client-side scripts.
36. Analyzing content security policy (CSP) for misconfigurations.
37. Identifying external assets hosted on third-party domains.
38. Testing web application firewalls (WAF) with payloads.
39. Enumerating user-agent-specific responses.
40. Analyzing response time differences for sensitive endpoints.
________________
41-60: File and Endpoint Discovery
41. Using tools like Gobuster to brute force directories.
42. Scanning for backup files (.bak
43. Identifying exposed Git repositories (.git).
44. Discovering endpoints with tools like FFUF or Dirbuster.
45. Searching for .DS_Store files revealing directory structure.
46. Parsing server logs from publicly accessible paths.
47. Finding temporary files left during development (~
48. Analyzing version control files like .svn or .hg.
49. Checking for web.config or htaccess files.
50. Analyzing uploaded assets for hidden metadata.
51. Examining error messages for sensitive information.
52. Identifying sensitive parameters in URLs using Arjun.
53. Discovering development or staging environments.
54. Parsing CSS files for hidden elements or comments.
55. Checking for test or debug endpoints in JavaScript files.
56. Discovering undocumented API endpoints.
57. Parsing API schemas or documentation.
58. Identifying hardcoded credentials in source files.
59. Checking exposed paths in error responses.
60. Examining environment-specific endpoints (/dev/
________________
61-80: User and Application Behavior
61. Analyzing login
62. Checking for default credentials.
63. Examining role-based access control (RBAC) behavior.
64. Scraping user roles or permissions from visible elements.
65. Monitoring HTTP headers for session tokens.
66. Analyzing cookie attributes for security configurations.
67. Testing multi-language or localization features.
68. Identifying hidden input fields in forms.
69. Scraping autocomplete suggestions for sensitive data.
70. Identifying referral links in outbound requests.
71. Observing behavior with different user-agents or devices.
72. Testing application behavior with no JavaScript enabled.
73. Checking for multi-factor authentication prompts.
74. Monitoring for inconsistent responses between HTTP and HTTPS.
75. Analyzing input validation behavior in forms.
76. Observing time-based responses for sensitive actions.
77. Testing file upload restrictions and allowed extensions.
78. Identifying reCAPTCHA or anti-bot mechanisms.
79. Checking for rate-limiting on key endpoints.
80. Parsing autocomplete tokens for user data exposure.
________________
81-100: Advanced Information Gathering
81. Discovering subdomains via certificate transparency logs.
82. Monitoring DNS changes over time.
83. Searching for sensitive information in public repositories.
84. Examining JavaScript dependencies for vulnerabilities.
85. Searching for CORS misconfigurations in cross-domain resources.
86. Identifying sensitive strings in web page comments.
87. Parsing WebSocket traffic for undocumented endpoints.
88. Analyzing CSP headers for exploitable weaknesses.
89. Checking for insecure referrer policies.
90. Searching for internal domain references in responses.
91. Analyzing GraphQL schema and introspection queries.
92. Enumerating exposed GraphQL endpoints.
93. Monitoring session cookies for predictable patterns.
94. Scraping and analyzing source maps if available.
95. Identifying OAuth redirection URLs for open redirect flaws.
96. Parsing third-party integrations for callback endpoints.
97. Searching for sensitive data in Swagger API documentation.
98. Analyzing header-based redirects for clues.
99. Testing file uploads for hidden functionality.
100. Capturing and analyzing all outbound requests from the application.
________________
How to Use This List
1. Automate Reconnaissance: Use tools like Burp Suite
2. Manual Testing: Carefully explore JavaScript files
3. Prioritize: Focus on areas exposing sensitive data or outdated technologies.
4. Document Findings: Record each step and its results systematically.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Configuration
Here’s a comprehensive list of 100 topics focused specifically on configuration-related vulnerabilities in web applications
________________
1-20: Basic Server and Environment Configuration
1. Checking for default server configurations.
2. Identifying server version disclosure in headers.
3. Analyzing HTTP headers for security misconfigurations.
4. Ensuring directory listing is disabled.
5. Verifying the presence of an updated web server.
6. Checking for unnecessary open ports.
7. Testing for exposed .htaccess or web.config files.
8. Verifying SSL/TLS certificate validity and configuration.
9. Testing for outdated SSL/TLS protocols (e.g.
10. Checking for missing HSTS headers.
11. Identifying exposed debug or development environments.
12. Testing for sensitive environment files (.env
13. Checking for insecure permissions on files and directories.
14. Identifying the use of default or weak passwords.
15. Checking for sensitive backup files (.bak
16. Analyzing server-side technology stack exposure.
17. Searching for sensitive tokens in server logs.
18. Ensuring proper error message suppression.
19. Checking for hardcoded credentials in configuration files.
20. Identifying insecure session storage mechanisms.
________________
21-40: Application-Specific Configuration
21. Verifying proper cookie attributes (HttpOnly
22. Checking for insecure API keys or secrets in config files.
23. Testing for weak JWT signing algorithms (e.g.
24. Ensuring CORS policy is correctly configured.
25. Identifying insecure X-Frame-Options settings.
26. Checking X-Content-Type-Options for MIME sniffing prevention.
27. Verifying the presence of Content-Security-Policy (CSP).
28. Analyzing Referrer-Policy for data exposure risks.
29. Ensuring proper Cross-Origin Resource Sharing (CORS) settings.
30. Checking for vulnerable configurations in third-party plugins.
31. Testing for insecure OAuth configurations.
32. Examining API rate-limiting settings.
33. Verifying file upload restrictions and validation mechanisms.
34. Ensuring database credentials are not hardcoded.
35. Testing for insecure database configurations (e.g.
36. Checking email server configurations for open relay vulnerabilities.
37. Identifying insecure DNS configurations (e.g.
38. Testing for exposed cloud service credentials in configurations.
39. Ensuring secure configuration of CDN and caching mechanisms.
40. Analyzing WebSocket configurations for open connections.
________________
41-60: Logging and Debugging Configurations
41. Checking for debug mode enabled in production.
42. Testing for exposed logs accessible via the web.
43. Verifying sensitive data is not logged in plain text.
44. Ensuring proper rotation of log files.
45. Testing for verbose error messages revealing stack traces.
46. Verifying database query logs for sensitive information.
47. Checking for publicly accessible crash dump files.
48. Ensuring real-time debugging tools are disabled in production.
49. Analyzing logging levels for overexposure of sensitive data.
50. Testing for exposure of internal IPs in log files.
51. Verifying authentication and authorization logs for security issues.
52. Checking for insecure storage of log files on public servers.
53. Ensuring log files are encrypted in transit and at rest.
54. Testing for exposed configuration debugging tools.
55. Analyzing application crash reports for sensitive data leaks.
56. Verifying logging configurations for external monitoring tools.
57. Ensuring debug endpoints are disabled in APIs.
58. Testing for improperly configured runtime environment variables.
59. Analyzing log files for exposed authentication tokens.
60. Checking for sensitive information in system crash reports.
________________
61-80: Frameworks and Libraries
61. Verifying framework configuration files are not publicly accessible.
62. Testing for insecure default configurations in frameworks.
63. Ensuring unnecessary services and modules are disabled.
64. Checking for exposed .git or .svn directories.
65. Testing for vulnerable package versions in libraries.
66. Identifying unnecessary third-party dependencies in the application.
67. Ensuring default configurations of libraries are hardened.
68. Testing for insecure template configurations in frameworks.
69. Ensuring secure dependency resolution in package managers.
70. Verifying session management configurations in frameworks.
71. Testing for missing or misconfigured CSRF protections.
72. Checking for deprecated APIs or functions in frameworks.
73. Ensuring secure access control configurations in frameworks.
74. Testing for insecure defaults in cloud-based services.
75. Analyzing deployment configurations for sensitive keys.
76. Ensuring secure configuration of cron jobs or scheduled tasks.
77. Verifying security of API gateway configurations.
78. Testing for insecure message queue configurations.
79. Checking for insecure configurations in CI/CD pipelines.
80. Ensuring secure configurations in container orchestration tools.
________________
81-100: Advanced Configurations
81. Testing for insecure configurations in Kubernetes pods.
82. Ensuring IAM roles and permissions are correctly configured.
83. Verifying cloud storage buckets for public accessibility.
84. Testing for unencrypted traffic between services.
85. Checking for insecure settings in reverse proxies.
86. Verifying database encryption settings.
87. Testing for insecure default configurations in Docker images.
88. Ensuring secure load balancer configurations.
89. Testing for misconfigured access control lists (ACLs).
90. Ensuring proper firewall rules for application servers.
91. Verifying secure configurations of shared hosting environments.
92. Testing for exposed CI/CD credentials in config files.
93. Checking for insecure caching mechanisms (e.g.
94. Testing for hardcoded secrets in IaC (Infrastructure as Code) templates.
95. Verifying access restrictions on internal dashboards.
96. Analyzing telemetry and analytics configurations for data leaks.
97. Checking for overexposed monitoring tools (e.g.
98. Ensuring secure storage of encryption keys and secrets.
99. Testing for sensitive configurations in edge services (e.g.
100. Ensuring secure configurations in serverless computing environments.
________________
How to Use This List
1. Systematic Approach: Tackle configurations by layers (server
2. Automation: Use tools like Burp Suite
3. Manual Testing: Confirm findings through careful exploration and analysis.
4. Document Configurations: Log vulnerable settings for reference in future engagements.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Transmission
Here’s a list of 100 topics focusing specifically on vulnerabilities and sensitive information leakage during data transmission in web applications
________________
1–20: Basic HTTPS and SSL/TLS Configuration
1. Testing for HTTP instead of HTTPS for sensitive data transmission.
2. Verifying SSL/TLS certificate validity and expiration.
3. Checking for self-signed or untrusted SSL certificates.
4. Testing for outdated SSL/TLS protocols (e.g.
5. Verifying if HSTS is properly implemented.
6. Analyzing SSL certificate revocation (OCSP Stapling).
7. Testing for weak SSL ciphers and encryption algorithms.
8. Verifying secure renegotiation in TLS connections.
9. Checking for exposed intermediate certificates.
10. Testing for mixed content issues (secure and insecure resources).
11. Identifying lack of Forward Secrecy in SSL/TLS configuration.
12. Verifying HTTPS redirection for all HTTP endpoints.
13. Testing for improper wildcard SSL certificate configurations.
14. Analyzing public key pinning configuration.
15. Testing for expired intermediate or root CA certificates.
16. Verifying security of SSL/TLS key exchange algorithms.
17. Testing for insecure SSL/TLS compression (CRIME attack).
18. Checking for supported anonymous ciphers in SSL/TLS.
19. Testing for improper implementation of mutual SSL authentication.
20. Verifying TLS downgrade protection (e.g.
________________
21–40: Authentication and Session Handling During Transmission
21. Testing for insecure session tokens transmitted over HTTP.
22. Verifying Secure and HttpOnly attributes in cookies.
23. Testing for session ID leakage through HTTP headers.
24. Analyzing session fixation vulnerabilities during transmission.
25. Verifying encrypted transmission of JWTs and API tokens.
26. Testing for plaintext passwords in transmission.
27. Checking for multi-factor authentication (MFA) bypass issues.
28. Verifying secure transmission of CSRF tokens.
29. Analyzing OAuth access token transmission.
30. Testing for replay attacks due to weak token handling.
31. Ensuring proper revocation of transmitted tokens.
32. Verifying encryption for WebSocket communication.
33. Testing for IDOR vulnerabilities in transmitted session data.
34. Checking for insecure session cookies in third-party domains.
35. Testing for session ID disclosure in error messages.
36. Verifying secure logout mechanisms in transmitted data.
37. Testing for token expiration during active transmission.
38. Ensuring secure transmission of refresh tokens.
39. Testing for vulnerable session regeneration mechanisms.
40. Analyzing authorization header handling in API requests.
________________
41–60: Sensitive Data Leakage in Transmission
41. Testing for plaintext transmission of sensitive fields (e.g.
42. Checking for sensitive information in URL parameters.
43. Analyzing HTTP headers for data exposure (Referer
44. Verifying secure transmission of PII (personally identifiable information).
45. Testing for unencrypted email or phone number transmission.
46. Checking for sensitive information in query string parameters.
47. Verifying file uploads are transmitted securely.
48. Testing for sensitive data in WebSocket frames.
49. Analyzing DNS leakage during data transmission.
50. Verifying encrypted transmission of form data.
51. Testing for sensitive data exposure in redirects.
52. Checking for improper encoding of transmitted data.
53. Verifying secure data transmission in third-party API calls.
54. Analyzing unencrypted logs of transmitted data.
55. Testing for sensitive cookies in cross-site requests.
56. Verifying masking of sensitive input fields during transmission.
57. Analyzing sensitive data in debug headers.
58. Testing for sensitive metadata leakage during uploads.
59. Verifying secure streaming of multimedia content.
60. Checking for sensitive information leakage in error pages.
________________
61–80: Transmission in APIs and Web Services
61. Testing for API keys in query parameters during transmission.
62. Verifying secure use of Basic Authentication in APIs.
63. Testing for exposed API tokens in transmitted headers.
64. Analyzing OAuth flows for insecure token transmission.
65. Verifying secure handling of refresh tokens in APIs.
66. Testing for vulnerable GraphQL queries during transmission.
67. Checking for sensitive data in SOAP API requests.
68. Verifying secure JSON and XML transmission.
69. Testing for excessive data exposure in API responses.
70. Analyzing WebSocket data leakage in real-time apps.
71. Verifying secure POST and GET request handling in APIs.
72. Testing for plaintext credentials in API requests.
73. Analyzing token expiration during API calls.
74. Checking for unnecessary transmission of sensitive data.
75. Verifying secure implementation of API rate limiting.
76. Testing for API misconfigurations in CORS during transmission.
77. Verifying secure error message handling in APIs.
78. Testing for sensitive information in transmitted API logs.
79. Checking for hardcoded credentials in transmitted payloads.
80. Verifying secure authentication flow in API transmission.
________________
81–100: Advanced and Specialized Transmission Scenarios
81. Testing for man-in-the-middle (MITM) vulnerabilities.
82. Analyzing DNS rebinding attacks in transmission.
83. Testing for improper encryption in real-time chat applications.
84. Verifying secure configuration of third-party analytics tools.
85. Testing for improper SSO token transmission.
86. Verifying secure handling of payment gateway data.
87. Analyzing IoT device communication for unencrypted transmission.
88. Testing for data exposure in serverless function responses.
89. Verifying secure file download mechanisms in transmitted data.
90. Analyzing WebRTC configurations for data leakage.
91. Testing for Cross-Site WebSocket Hijacking vulnerabilities.
92. Verifying secure configuration of content delivery networks (CDNs).
93. Testing for improper encoding in transmitted binary data.
94. Analyzing browser prefetching for data exposure risks.
95. Testing for insecure telemetry data transmission.
96. Verifying secure encryption of transmitted audit logs.
97. Analyzing e-commerce checkout flows for data exposure.
98. Verifying secure transmission of user session states in cookies.
99. Testing for insecure transmission in PWA (Progressive Web Apps).
100. Verifying secure implementation of end-to-end encryption.
________________
How to Use This List
* Beginner: Start with common HTTP/HTTPS and session handling issues.
* Intermediate: Explore API and WebSocket-related transmission vulnerabilities.
* Advanced: Test for specialized vulnerabilities in real-time apps
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Authentication
Here’s a curated list of 100 topics for exploring vulnerabilities and extracting sensitive information related to authentication mechanisms in web applications
________________
1–20: Basic Authentication Flaws
1. Testing for weak default credentials.
2. Verifying lack of password strength requirements.
3. Testing for credential stuffing vulnerabilities.
4. Verifying insecure password storage (e.g.
5. Testing for predictable usernames (e.g.
6. Testing for insecure password recovery mechanisms.
7. Checking for username enumeration through login error messages.
8. Testing for weak CAPTCHA implementations.
9. Verifying lack of account lockout after multiple failed attempts.
10. Testing for sensitive data in error messages.
11. Checking for hardcoded credentials in the codebase.
12. Verifying lack of HTTPS for login pages.
13. Testing for reflected credentials in URLs or error pages.
14. Verifying plaintext credentials in browser cache or autocomplete.
15. Checking for reuse of tokens across sessions.
16. Testing for missing CSRF protection on login forms.
17. Testing for credentials leaked in the Referer header.
18. Verifying insecure password hints (e.g.
19. Checking for open redirects after authentication.
20. Testing for missing secure cookie flags (HttpOnly
________________
21–40: Advanced Password and Login Issues
21. Testing for password disclosure in response payloads.
22. Verifying insecure two-factor authentication (2FA) mechanisms.
23. Testing for replay attacks with valid session tokens.
24. Checking for session fixation during login.
25. Testing for improper password reset links.
26. Verifying time-based authentication brute force.
27. Testing for token exposure in web storage (localStorage/sessionStorage).
28. Checking for lack of rate-limiting on authentication endpoints.
29. Testing for excessive information in authentication logs.
30. Verifying proper encoding of credentials in API requests.
31. Testing for credentials exposed in JavaScript source maps.
32. Analyzing token storage in Single Page Applications (SPAs).
33. Verifying insecure remember me functionality.
34. Testing for missing logout functionality.
35. Checking for improperly implemented biometric authentication.
36. Testing for poor OTP (One-Time Password) generation.
37. Verifying bypassable client-side validation on login forms.
38. Testing for session hijacking via stolen cookies.
39. Checking for improper use of authentication tokens in APIs.
40. Testing for insecure temporary password mechanisms.
________________
41–60: Multi-Factor Authentication (MFA) Vulnerabilities
41. Testing for bypassable MFA (e.g.
42. Verifying insecure transmission of 2FA codes.
43. Testing for OTP replay vulnerabilities.
44. Checking for missing MFA implementation on critical accounts.
45. Verifying hardcoded backup codes in source code.
46. Testing for insufficient entropy in generated OTPs.
47. Verifying SMS-based 2FA vulnerabilities (e.g.
48. Testing for improper invalidation of backup codes.
49. Checking for bypassable email-based MFA mechanisms.
50. Testing for lack of expiration in 2FA tokens.
51. Verifying vulnerability in QR code-based MFA setup.
52. Testing for insecure recovery options for MFA.
53. Checking for weak fallback mechanisms (e.g.
54. Testing for open redirects in MFA validation endpoints.
55. Verifying insecure push-based MFA mechanisms.
56. Testing for session persistence after MFA bypass.
57. Analyzing MFA tokens for predictable patterns.
58. Testing for session cookie reuse across MFA-protected accounts.
59. Checking for MFA token leakage in logs or browser storage.
60. Verifying proper revocation of MFA tokens during account changes.
________________
61–80: API Authentication Flaws
61. Testing for insecure API keys in request headers.
62. Verifying exposed API keys in front-end code.
63. Testing for improper validation of JWTs.
64. Checking for expired tokens accepted by APIs.
65. Verifying hardcoded API credentials in source code.
66. Testing for missing signature validation in API tokens.
67. Analyzing improper OAuth token exchange flows.
68. Testing for open API endpoints requiring no authentication.
69. Verifying weak session management in API requests.
70. Testing for IDOR vulnerabilities in authentication APIs.
71. Analyzing excessive privileges assigned to API tokens.
72. Testing for missing CORS restrictions on authentication endpoints.
73. Verifying token leakage in error messages.
74. Testing for improper token invalidation after logout.
75. Verifying tokens stored in query strings or URLs.
76. Testing for vulnerable SSO (Single Sign-On) flows.
77. Checking for missing revocation mechanisms in OAuth tokens.
78. Testing for weak API token rotation mechanisms.
79. Verifying insecure handling of refresh tokens.
80. Analyzing exposed GraphQL mutations for authentication flaws.
________________
81–100: Advanced Authentication Exploitation
81. Testing for session cloning across devices.
82. Verifying improper handling of expired sessions.
83. Testing for inadequate token encryption.
84. Checking for token leakage in WebSocket headers.
85. Testing for improper use of bearer tokens in insecure channels.
86. Verifying token replay in multi-user scenarios.
87. Testing for sensitive scopes in exposed OAuth tokens.
88. Verifying token usage in third-party integrations.
89. Testing for vulnerability in federated authentication mechanisms.
90. Checking for bypassable SAML authentication configurations.
91. Verifying insecure user impersonation mechanisms.
92. Testing for vulnerable delegated authentication flows.
93. Analyzing JWT claims for sensitive data exposure.
94. Verifying lack of signature validation in JWTs.
95. Testing for cross-tenant access vulnerabilities in multi-tenant apps.
96. Verifying improper token expiration handling during token refresh.
97. Testing for exposed private keys used for token signing.
98. Verifying lack of PKCE (Proof Key for Code Exchange) in OAuth flows.
99. Testing for bypassable device authentication mechanisms.
100. Checking for sensitive information in cookies during SSO transitions.
________________
How to Use This List
1. Basic Tests: Start with issues like insecure passwords
2. Intermediate Tests: Move into API-related vulnerabilities
3. Advanced Exploitation: Focus on advanced issues like SAML misconfigurations
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Session
Here is a list of 100 topics specifically focused on sessions in web applications. The list is arranged in ascending order of complexity
________________
1–20: Basics of Session Management
1. Testing for missing HttpOnly cookie flag.
2. Testing for missing Secure cookie flag.
3. Checking for session IDs transmitted over unencrypted channels.
4. Testing for session fixation vulnerabilities.
5. Verifying that session IDs are invalidated after logout.
6. Checking for reuse of session IDs after login/logout cycles.
7. Testing for predictable session ID generation.
8. Verifying session expiration after inactivity.
9. Testing for improper handling of session timeouts.
10. Checking for session tokens stored in URL query strings.
11. Testing for session ID exposure in browser cache.
12. Verifying session token storage in localStorage or sessionStorage.
13. Checking for session ID leakage in HTTP Referer headers.
14. Testing for improper session termination on the server-side.
15. Verifying that session IDs are sufficiently long and random.
16. Testing for duplicate session tokens across users.
17. Checking for session token exposure in error messages.
18. Testing for session tokens shared between HTTP and HTTPS endpoints.
19. Verifying the proper scope of session cookies (SameSite attribute).
20. Checking for insecure session cookies in subdomains.
________________
21–40: Intermediate Session Vulnerabilities
21. Testing for session tokens exposed in client-side JavaScript.
22. Checking for insecure session sharing between users (e.g.
23. Testing for weak session token hashing algorithms.
24. Verifying proper invalidation of sessions during password changes.
25. Checking for session replay vulnerabilities.
26. Testing for session hijacking using stolen cookies.
27. Verifying session persistence across browser instances.
28. Testing for session fixation in cross-origin contexts.
29. Checking for inconsistent session validation across endpoints.
30. Verifying secure logout mechanisms for Single Page Applications (SPAs).
31. Testing for session token leakage in third-party integrations.
32. Checking for insecure session tokens in WebSocket connections.
33. Verifying proper handling of session state during SSO transitions.
34. Testing for lack of session token rotation upon privilege escalation.
35. Verifying secure handling of session data in multi-tenant applications.
36. Testing for race conditions in session management.
37. Checking for improper handling of expired sessions.
38. Verifying unique session identifiers for each login instance.
39. Testing for session tokens hardcoded in application source code.
40. Checking for improper session handling during 2FA processes.
________________
41–60: Advanced Session Vulnerabilities
41. Testing for session token replay in API calls.
42. Verifying session token invalidation during user deactivation.
43. Testing for session cloning across devices.
44. Checking for exposed session tokens in mobile apps.
45. Verifying proper handling of simultaneous logins from different devices.
46. Testing for shared sessions between different roles (e.g.
47. Verifying session token expiration policies in JWTs.
48. Testing for session token tampering in signed cookies.
49. Checking for session management flaws in load-balanced environments.
50. Testing for session token leakage in browser extensions.
51. Verifying proper session termination during account deletion.
52. Checking for vulnerable session ID handling in legacy applications.
53. Testing for session state vulnerabilities in OAuth flows.
54. Verifying improper session storage in application logs.
55. Testing for session token leakage in CORS preflight requests.
56. Checking for session data exposure in debug endpoints.
57. Verifying proper validation of session tokens in microservices.
58. Testing for excessive privileges assigned to session tokens.
59. Checking for vulnerable session caching mechanisms.
60. Verifying insecure session handling in federated authentication systems.
________________
61–80: Specialized Session Testing
61. Testing for session token leakage in GraphQL queries.
62. Verifying weak encryption of session tokens in transport.
63. Testing for insecure refresh token handling in sessions.
64. Checking for improper session revocation mechanisms.
65. Testing for session impersonation using stolen credentials.
66. Verifying improper handling of session state in browser tabs.
67. Testing for session data injection vulnerabilities.
68. Checking for cross-origin session leakage.
69. Verifying insecure session persistence in hybrid mobile apps.
70. Testing for missing CSRF protection in session-related endpoints.
71. Checking for insecure session token exchange in third-party APIs.
72. Testing for session ID reuse across different applications.
73. Verifying proper invalidation of long-lived session tokens.
74. Testing for session hijacking through insecure iframe embedding.
75. Checking for session data exposure in performance monitoring tools.
76. Verifying session token tampering in client-side analytics scripts.
77. Testing for session validation bypasses in API endpoints.
78. Verifying improper handling of session tokens during upgrades.
79. Testing for session token leakage in push notifications.
80. Checking for sensitive session data exposure in audit logs.
________________
81–100: Cutting-Edge Session Research
81. Testing for session vulnerabilities in WebSocket authentication flows.
82. Verifying proper expiration of JWT-based session tokens.
83. Checking for session data leakage in distributed caching mechanisms.
84. Testing for misuse of session tokens in server-side rendering (SSR).
85. Verifying cross-domain session token scope issues.
86. Testing for insecure session persistence in offline-first applications.
87. Verifying session management flaws in progressive web apps (PWAs).
88. Testing for race conditions in session token issuance.
89. Checking for improper validation of session state during reconnections.
90. Verifying session handling during OAuth token exchange.
91. Testing for improper session state management in microservices.
92. Checking for session token leakage in application telemetry data.
93. Verifying session security in decentralized identity systems.
94. Testing for session replay attacks in event-driven architectures.
95. Checking for improper session handling in backend-as-a-service (BaaS) platforms.
96. Verifying secure session management in IoT-based web applications.
97. Testing for session token leakage in content delivery networks (CDNs).
98. Checking for insecure session revocation in passwordless authentication.
99. Verifying proper handling of session tokens in Kubernetes environments.
100. Testing for vulnerabilities in session-based rate-limiting mechanisms.
________________
How to Use This List
1. Prioritize Basics: Start with fundamental tests like cookie flags
2. Intermediate Exploits: Progress to session fixation
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Authorization
Here are 100 topics focusing on authorization vulnerabilities in web applications
________________
1–20: Basics of Authorization
1. Understanding the difference between authentication and authorization.
2. Verifying user role enforcement mechanisms.
3. Testing for direct access to restricted resources (IDOR).
4. Checking if sensitive data is exposed to unauthorized users.
5. Verifying proper use of access control headers (Cache-Control
6. Testing for misconfigured access control in web server settings.
7. Checking if users can escalate privileges via parameter tampering.
8. Verifying access control for admin panels.
9. Testing for unauthorized API endpoint access.
10. Checking for exposed endpoints in robots.txt.
11. Testing for authorization bypass using predictable resource identifiers.
12. Verifying role-based access control (RBAC) implementation.
13. Checking if a regular user can perform admin actions.
14. Testing for multi-step action vulnerabilities (e.g.
15. Verifying broken access control in multi-tenant applications.
16. Checking for missing ownership validation in resources (IDOR).
17. Testing for authorization bypass through insecure CORS policies.
18. Verifying access control for sensitive actions (e.g.
19. Testing if HTTP methods (PUT
20. Checking for unauthorized database queries via poorly secured endpoints.
________________
21–40: Intermediate Authorization Vulnerabilities
21. Testing for authorization flaws in Single Page Applications (SPAs).
22. Verifying access control for hidden or debug endpoints.
23. Testing for improper token validation in API requests.
24. Checking for access to unauthorized resources via direct URL manipulation.
25. Testing for session token reuse across different roles.
26. Verifying if non-admin users can access admin-level API endpoints.
27. Testing for insecure JWT (JSON Web Token) validation.
28. Checking for token expiration vulnerabilities.
29. Testing for insecure wildcard roles in RBAC configurations.
30. Verifying unauthorized actions in server-side rendered pages.
31. Testing for IDOR in file uploads or downloads.
32. Checking if a lower privilege user can edit or delete other users’ data.
33. Verifying that API rate limits are applied based on user roles.
34. Testing for bypassable access controls in APIs using HTTP headers.
35. Checking for improper validation of ownership during resource creation.
36. Testing for unrestricted access to admin-level functionality via client-side code manipulation.
37. Verifying authorization for paginated data retrieval (e.g.
38. Checking for improper handling of sensitive resources during SSO transitions.
39. Testing for insecure access to log files or system monitoring dashboards.
40. Verifying if restricted actions are possible via legacy API versions.
________________
41–60: Advanced Authorization Testing
41. Testing for role escalation through unvalidated form submissions.
42. Checking for authorization bypass in nested API resources.
43. Verifying access control for WebSocket connections.
44. Testing for authorization issues in GraphQL queries and mutations.
45. Checking for horizontal privilege escalation in multi-user workflows.
46. Verifying access to draft
47. Testing for broken access control in microservices-based architectures.
48. Checking for improper handling of access control during OAuth token exchanges.
49. Verifying that file permissions are correctly enforced.
50. Testing for access to shared resources without proper authorization.
51. Checking for authorization bypass via URL encoding or special characters.
52. Verifying access controls in serverless functions (e.g.
53. Testing for insecure role assignment in user creation flows.
54. Checking for authorization issues in passwordless authentication mechanisms.
55. Verifying improper enforcement of field-level access control in APIs.
56. Testing for excessive data exposure via wildcard or “all” permissions.
57. Checking for broken access control during pagination and sorting.
58. Verifying access to debug or staging environments using production credentials.
59. Testing for authorization bypass in chained API requests.
60. Checking for improper role inheritance or hierarchy configurations.
________________
61–80: Specialized Authorization Vulnerabilities
61. Testing for authorization bypass via insecure API gateway configurations.
62. Checking for access to audit logs by unauthorized users.
63. Verifying access control for subscription-based features or content.
64. Testing for improper enforcement of attribute-based access control (ABAC).
65. Checking for authorization flaws in third-party integrations or plugins.
66. Verifying access control policies in CI/CD pipelines.
67. Testing for authorization bypass through X-Forwarded-For header manipulation.
68. Checking for improper enforcement of scoped access tokens.
69. Testing for access to orphaned resources after user deletion.
70. Verifying authorization controls for user impersonation features.
71. Testing for authorization bypass in role-switching mechanisms.
72. Checking for insecure access to shared links or public file URLs.
73. Verifying access control for background jobs or task schedulers.
74. Testing for broken authorization in file access APIs.
75. Checking for token revocation flaws in logout processes.
76. Verifying access to developer tools or sandbox environments.
77. Testing for authorization issues in federated login systems.
78. Checking for improper validation of custom claims in JWTs.
79. Testing for authorization bypass in push notifications or WebHooks.
80. Verifying access control for dynamically created resources.
________________
81–100: Cutting-Edge Authorization Research
81. Testing for vulnerabilities in Zero Trust Network configurations.
82. Verifying authorization enforcement in containerized applications.
83. Testing for authorization flaws in blockchain-based web applications.
84. Checking for improper validation of permissions in smart contracts.
85. Verifying authorization policies in decentralized identity systems.
86. Testing for role escalation through insecure OAuth scopes.
87. Checking for authorization flaws in social login implementations.
88. Verifying access control policies for AI/ML model endpoints.
89. Testing for authorization flaws in data pipelines or ETL processes.
90. Checking for improper authorization handling in cloud-hosted applications.
91. Verifying access control for API keys and secret management systems.
92. Testing for unauthorized actions in event-driven architectures.
93. Checking for broken access control in edge computing platforms.
94. Verifying authorization for multi-factor authentication bypass attempts.
95. Testing for authorization flaws in role delegation mechanisms.
96. Checking for insecure access to sensitive logs or configuration files.
97. Verifying access control enforcement in distributed databases.
98. Testing for unauthorized modification of access policies or ACLs.
99. Checking for improper authorization in hybrid cloud environments.
100. Verifying authorization enforcement in decentralized application frameworks (DApps).
________________
How to Use This List
1. Start Simple: Focus on basic access control tests like role enforcement
2. Move Intermediate: Expand into token validation
3. Explore Advanced Issues: Dive into multi-tenant applications
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Validation
Here are the top 100 topics for finding juicy information and vulnerabilities in validation mechanisms in web applications
________________
1–20: Basics of Input Validation
1. Overview of input validation and why it is critical.
2. Identifying missing input validation on form fields.
3. Testing for client-side-only validation bypasses.
4. Verifying server-side input validation mechanisms.
5. Testing input length restrictions (minimum and maximum).
6. Checking for improper handling of special characters.
7. Validating alphanumeric input fields for improper data acceptance.
8. Testing for improper handling of whitespace in inputs.
9. Verifying validation for required fields.
10. Checking for missing validation on optional form fields.
11. Testing for HTML injection via improperly validated inputs.
12. Verifying validation on file upload fields.
13. Testing for SQL injection vulnerabilities due to lack of input sanitization.
14. Checking for command injection through improperly validated inputs.
15. Testing email address validation for common bypass techniques.
16. Verifying numeric input validation for improper handling of decimals or symbols.
17. Testing for improper handling of escape characters.
18. Checking validation for encoded input fields (e.g.
19. Verifying input validation for drop-down menus and select fields.
20. Testing for improper validation in multi-step forms.
________________
21–40: Intermediate Input Validation Vulnerabilities
21. Checking for improper validation in search fields.
22. Testing for injection vulnerabilities in JSON inputs.
23. Verifying validation for date and time input fields.
24. Testing for weak regular expressions in validation mechanisms.
25. Checking validation for inputs with Unicode or multi-byte characters.
26. Verifying validation of hidden form fields.
27. Testing for improper validation of numeric ranges (e.g.
28. Checking for missing validation on URL inputs.
29. Testing for directory traversal vulnerabilities due to lack of validation.
30. Verifying input validation for non-ASCII characters.
31. Checking for missing validation in API request payloads.
32. Testing for improper validation of headers in HTTP requests.
33. Verifying validation of IP address inputs.
34. Testing for missing or improper validation in query parameters.
35. Checking for improper validation of nested JSON or XML payloads.
36. Verifying that validation rules reject excessively long inputs.
37. Testing for improper validation of uploaded image metadata.
38. Checking validation of file paths in file upload mechanisms.
39. Verifying validation for multi-line inputs (e.g.
40. Testing for injection vulnerabilities in GraphQL queries or mutations.
________________
41–60: Output Validation and Encoding
41. Understanding the importance of output validation.
42. Verifying output encoding to prevent XSS vulnerabilities.
43. Checking for improper HTML encoding of outputs.
44. Testing for improper URL encoding in response headers.
45. Verifying JSON output encoding in APIs.
46. Checking for improper handling of special characters in outputs.
47. Testing for reflected XSS vulnerabilities in improperly validated outputs.
48. Verifying email template rendering for improper output validation.
49. Testing for missing or incorrect escaping in server-side templates.
50. Verifying output validation in PDF or document generation features.
51. Testing for insecure JavaScript rendering of unvalidated inputs.
52. Checking for insecure handling of user-provided CSS values.
53. Verifying output validation in WebSocket communications.
54. Testing for insecure encoding in XML outputs.
55. Checking for improper handling of null bytes in output.
56. Verifying validation of API response data before returning to the user.
57. Testing for insecure JSONP callback handling.
58. Checking for improper output encoding in dynamic content generation.
59. Verifying response header values for improper validation.
60. Testing for reflected errors in validation failure messages.
________________
61–80: Advanced Validation Techniques
61. Testing for insecure regex-based input validation rules.
62. Verifying validation logic in content management systems (CMS).
63. Testing for bypassable validation in third-party plugins or libraries.
64. Checking for improper validation in serverless applications.
65. Verifying the effectiveness of custom input sanitization functions.
66. Testing validation logic for HTML5 form attributes.
67. Verifying validation for wildcard inputs (e.g.
68. Testing for bypassing validation via obfuscation techniques.
69. Checking for validation inconsistencies across multiple endpoints.
70. Verifying validation of dynamically generated inputs.
71. Testing for improper validation in real-time input fields.
72. Verifying input validation in WebSocket-based applications.
73. Checking validation of base64-encoded input fields.
74. Verifying validation of encrypted or hashed inputs.
75. Testing for validation issues in file metadata parsing.
76. Checking for broken validation in frameworks (e.g.
77. Verifying input validation in cloud-based services or APIs.
78. Testing for validation issues in OAuth redirect URLs.
79. Checking for improper validation in email verification processes.
80. Verifying validation for HTML attribute injections.
________________
81–100: Cutting-Edge Validation Issues
81. Testing for improper validation in GraphQL nested inputs.
82. Verifying validation rules for AI/ML model inputs.
83. Checking for validation of inputs in blockchain-based applications.
84. Testing validation logic in IoT device configurations.
85. Verifying validation for dynamically rendered fields.
86. Checking for input validation in event-driven architectures.
87. Verifying validation of streaming inputs in WebSockets.
88. Testing for input validation bypass in containerized environments.
89. Verifying the handling of inputs in hybrid cloud architectures.
90. Testing for improper validation in decentralized applications (DApps).
91. Verifying validation for machine-generated input payloads.
92. Testing for validation of metadata in NoSQL databases.
93. Checking for input validation in virtual reality (VR) applications.
94. Verifying input validation for augmented reality (AR) applications.
95. Testing for validation of dynamic forms in mobile web applications.
96. Checking for input validation in peer-to-peer (P2P) web applications.
97. Verifying validation rules for inputs in serverless edge functions.
98. Testing validation of AI-generated code snippets or responses.
99. Checking for insecure validation in API gateway configurations.
100. Verifying validation of complex
________________
How to Use This List
1. Categorize the topics into "Input Validation
2. Test systematically using automated tools (e.g.
3. Document patterns
---
---
---
________________________________________________________________________________
________________________________________________________________________________
DoS
Here are the top 100 topics for finding juicy information and vulnerabilities related to Denial of Service (DoS) in web applications. These are specifically tailored for identifying and exploiting potential DoS vectors in web applications
________________
1–20: Basics of DoS in Web Applications
1. Understanding the basics of Denial of Service attacks.
2. Identifying endpoints with no rate-limiting protection.
3. Testing for unvalidated large payloads in HTTP requests.
4. Checking for resource-intensive queries (e.g.
5. Testing login forms for brute force DoS vulnerabilities.
6. Verifying session fixation leading to resource exhaustion.
7. Checking for DoS via file uploads (large or unsupported files).
8. Testing forms with multipart requests for DoS vulnerabilities.
9. Analyzing API endpoints for rate-limiting bypasses.
10. Checking for slow HTTP attacks (e.g.
11. Testing large POST body requests for server crashes.
12. Verifying unbounded loops in application logic.
13. Testing JSON/XML parsers for payload amplification attacks.
14. Checking for DoS via infinite redirects.
15. Testing for DoS in search filters with wildcard queries.
16. Identifying regular expression (ReDoS) vulnerabilities.
17. Testing for unvalidated numeric inputs causing resource exhaustion.
18. Verifying WebSocket endpoints for DoS vulnerabilities.
19. Testing CAPTCHA forms for bypassable protections leading to DoS.
20. Verifying error handling mechanisms for resource-intensive logs.
________________
21–40: Intermediate DoS Vulnerabilities
21. Testing for database locks caused by concurrent writes.
22. Analyzing memory exhaustion through large session payloads.
23. Testing for DoS through misconfigured caches.
24. Verifying file download endpoints for large file responses.
25. Testing API endpoints with excessively deep JSON nesting.
26. Checking for DoS vulnerabilities in server-side rendering.
27. Verifying DoS via repeated API authentication attempts.
28. Testing for DoS using oversized cookies.
29. Verifying XML External Entity (XXE) amplification attacks.
30. Testing for insecure handling of fragmented TCP packets.
31. Identifying DoS risks in upload endpoints with large multipart files.
32. Checking for DoS vulnerabilities in image processing libraries.
33. Testing for DoS using invalid SSL/TLS handshake attempts.
34. Verifying DoS through improper handling of large headers.
35. Checking WebSocket message size limits for DoS potential.
36. Analyzing application behavior under high concurrent user loads.
37. Testing for unthrottled email verification APIs.
38. Verifying DoS potential in third-party authentication providers.
39. Testing for cache poisoning leading to DoS.
40. Identifying DoS risks in serverless functions (cold start times).
________________
41–60: Advanced DoS Techniques
41. Testing for application crashes via malformed API requests.
42. Verifying hash collision DoS vulnerabilities in form submissions.
43. Analyzing the impact of CPU-bound operations on DoS.
44. Testing for resource exhaustion in analytics or tracking endpoints.
45. Verifying DoS via repeated HTTP/2 connection initialization.
46. Testing DNS amplification attacks against web applications.
47. Verifying time-based payloads causing server delays.
48. Testing for DoS vulnerabilities in token generation endpoints.
49. Analyzing the impact of malformed JSON requests on APIs.
50. Testing database triggers for infinite loops causing DoS.
51. Verifying potential DoS in pagination logic with large offsets.
52. Testing for DoS vulnerabilities in real-time streaming services.
53. Checking for repeated password reset requests causing DoS.
54. Testing for DoS via repeated multi-factor authentication requests.
55. Verifying DoS in large batch operations (e.g.
56. Testing for DoS risks in server-side PDF generation.
57. Verifying DoS caused by memory leaks in the application.
58. Testing for CPU-intensive operations in regex patterns (ReDoS).
59. Verifying DoS potential in third-party integrations or SDKs.
60. Checking for DoS risks in server-side logging mechanisms.
________________
61–80: Application-Specific DoS Attacks
61. Testing for excessive retries in payment gateways leading to DoS.
62. Verifying DoS in data export functionality with large datasets.
63. Testing DoS potential in webhooks or callback URLs.
64. Checking for DoS risks in HTML5 Web Workers.
65. Testing for DoS vulnerabilities in progressive web apps (PWAs).
66. Analyzing chat or messaging systems for DoS risks.
67. Testing for resource exhaustion in video transcoding services.
68. Verifying DoS potential in subscription-based notification systems.
69. Testing for unprotected server push mechanisms.
70. Verifying DoS risks in IoT device APIs exposed by web applications.
71. Checking for DoS vulnerabilities in payment card validation endpoints.
72. Testing for DoS risks in AI/ML model APIs integrated with web apps.
73. Verifying DoS potential in API gateways under high traffic.
74. Testing for DoS vulnerabilities in application telemetry systems.
75. Verifying timeout misconfigurations leading to DoS.
76. Testing for DoS risks in dynamic content personalization services.
77. Analyzing application sandbox environments for resource exhaustion.
78. Testing for DoS via repeated logout/login attempts.
79. Verifying DoS potential in notification delivery systems.
80. Checking for DoS risks in OAuth consent flows.
________________
81–100: Cutting-Edge and Complex DoS Issues
81. Testing for DoS vulnerabilities in decentralized applications (DApps).
82. Verifying DoS risks in blockchain transaction APIs.
83. Testing for resource exhaustion in hybrid cloud-based apps.
84. Verifying DoS potential in microservice communication patterns.
85. Checking for DoS risks in containerized web applications.
86. Testing for DoS vulnerabilities in edge computing deployments.
87. Verifying DoS risks in serverless workflows with high concurrency.
88. Testing for DoS potential in CDN misconfigurations.
89. Verifying risks of DoS via asynchronous task queues.
90. Testing for DoS vulnerabilities in feature flag management systems.
91. Checking for DoS risks in load balancers under edge cases.
92. Verifying DoS vulnerabilities in database replication mechanisms.
93. Testing for DoS risks in real-time multiplayer gaming APIs.
94. Checking for DoS vulnerabilities in adaptive authentication flows.
95. Verifying the impact of excessive retry mechanisms in APIs.
96. Testing for DoS risks in federated authentication systems.
97. Verifying DoS vulnerabilities in API versioning endpoints.
98. Testing for resource exhaustion in server-side encryption services.
99. Verifying DoS risks in machine learning pipelines exposed via APIs.
100. Checking for DoS vulnerabilities in experimental features or beta services.
________________
How to Use This List
1. Categorize these topics into basic
2. Use tools like Burp Suite
3. Simulate edge cases to uncover hidden DoS vulnerabilities and document them in your notebook.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Business Logic
Here are 100 topics to find juicy information and vulnerabilities in Business Logic for web applications
________________
1–20: Basic Business Logic Issues
1. Understanding what Business Logic vulnerabilities are.
2. Testing for unrestricted item quantity modification in shopping carts.
3. Checking for bypassable minimum/maximum quantity limits in forms.
4. Testing for price manipulation in e-commerce platforms.
5. Verifying promo code reusability by unauthorized users.
6. Checking for misconfigured discount rules leading to abuse.
7. Testing for unauthorized access to premium features.
8. Identifying bypasses for restrictions on order cancellations.
9. Testing for manipulation of refund policies.
10. Verifying duplicate submission of form data (e.g.
11. Testing for unvalidated user role changes (e.g.
12. Identifying access to restricted workflows via direct URL access.
13. Testing for business rule bypass in custom workflows.
14. Checking for invalid submission of out-of-stock items.
15. Testing for unauthorized access to scheduled services or events.
16. Verifying abuse of resource allocation mechanisms.
17. Testing for unrestricted access to internal or beta features.
18. Verifying manipulation of reservation systems (e.g.
19. Testing for bypassing required account verification.
20. Identifying unauthorized extension of subscription periods.
________________
21–40: Intermediate Business Logic Vulnerabilities
21. Verifying bypasses in multi-step processes (e.g.
22. Testing for abuse of "invite friends" functionality.
23. Verifying abuse of loyalty points or reward systems.
24. Testing for unauthorized access to invoices or financial records.
25. Identifying weaknesses in user-created resource limits (e.g.
26. Testing for bypasses in API quota enforcement.
27. Checking for abuse of trial account mechanisms.
28. Testing for abuse of "forgot password" workflows.
29. Verifying misuse of session expiration rules.
30. Testing for inconsistencies in email/phone number validation rules.
31. Checking for abuse of promo codes intended for specific users.
32. Verifying bypasses of scheduled event deadlines.
33. Testing for abuse of administrative approval workflows.
34. Identifying loopholes in feature flag controls.
35. Testing for manipulation of voting systems.
36. Verifying abuse of account merging functionality.
37. Checking for bypasses in payment plan upgrade/downgrade logic.
38. Testing for unauthorized access to drafts or unpublished content.
39. Verifying abuse of bulk purchase discounts.
40. Testing for session reuse across multiple users.
________________
41–60: Advanced Business Logic Exploits
41. Identifying inconsistencies in currency conversion calculations.
42. Verifying race conditions in workflow execution.
43. Testing for abuse of "remember me" or "stay logged in" functionalities.
44. Checking for vulnerabilities in inventory management workflows.
45. Verifying abuse of API endpoints without proper authorization checks.
46. Testing for logic flaws in custom password policies.
47. Checking for vulnerabilities in "add to wishlist" or "save for later" features.
48. Verifying abuse of access expiration mechanisms.
49. Testing for business logic bypass in event ticketing systems.
50. Identifying misuse of rate-limited actions in user workflows.
51. Testing for unauthorized assignment of roles in multi-user systems.
52. Verifying abuse of customer feedback or rating systems.
53. Checking for improper enforcement of business-critical rules.
54. Identifying weaknesses in auto-renewal subscription workflows.
55. Testing for bypasses in recurring billing setups.
56. Verifying abuse of internal workflow approvals.
57. Testing for manipulation of timestamp-based restrictions.
58. Identifying abuse in platform usage analytics.
59. Testing for bypasses in fraud detection logic.
60. Verifying abuse of content moderation workflows.
________________
61–80: Cutting-Edge Business Logic Vulnerabilities
61. Testing for abuse of AI/ML-based recommendation systems.
62. Identifying vulnerabilities in dynamic pricing logic.
63. Verifying abuse of time-limited offers or flash sales.
64. Testing for weaknesses in A/B testing workflows.
65. Identifying logic flaws in subscription billing intervals.
66. Verifying abuse of refund or chargeback mechanisms.
67. Testing for race conditions in coupon redemption workflows.
68. Identifying inconsistencies in multi-language implementations.
69. Testing for misuse of "buy now
70. Checking for abuse of transaction splitting mechanisms.
71. Testing for flaws in tokenized payment workflows.
72. Identifying vulnerabilities in blockchain-based business logic.
73. Verifying abuse of cross-organization workflows.
74. Testing for unauthorized access to partner integrations.
75. Verifying abuse of dynamic form generation.
76. Identifying logic flaws in tiered membership systems.
77. Testing for abuse of inventory reservation workflows.
78. Checking for vulnerabilities in referral reward systems.
79. Verifying misuse of account linking mechanisms.
80. Testing for vulnerabilities in custom reporting dashboards.
________________
81–100: Highly Complex Business Logic Issues
81. Verifying abuse of geo-restrictions or regional pricing rules.
82. Identifying flaws in zero-trust workflow implementations.
83. Testing for abuse of advanced search filters in data-heavy applications.
84. Verifying abuse of platform migration workflows.
85. Identifying logic flaws in service-level agreement (SLA) tracking.
86. Testing for inconsistencies in deferred payment processing.
87. Checking for abuse of ad targeting rules or parameters.
88. Identifying flaws in blockchain-based escrow workflows.
89. Verifying abuse of session-dependent workflows.
90. Testing for logic bypass in system-generated content tagging.
91. Identifying misuse of predictive analytics in business processes.
92. Verifying vulnerabilities in real-time bidding mechanisms.
93. Testing for flaws in virtual goods or token economies.
94. Identifying weaknesses in smart contract workflows.
95. Testing for abuse of AI-based fraud detection systems.
96. Verifying misuse of real-time transaction validation rules.
97. Identifying flaws in global pricing strategy enforcement.
98. Testing for abuse of vendor-specific custom integrations.
99. Verifying abuse of compliance-related automation workflows.
100. Identifying logic flaws in data synchronization between systems.
________________
How to Use This List
* Documentation: Organize these topics into your notebook with detailed explanations and examples for each topic.
* Tools: Use tools like Burp Suite
* Methodology: Combine manual testing with automation to validate each topic systematically.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Cryptography
Here are the top 100 topics to find juicy information and vulnerabilities in cryptography for web applications
________________
1–20: Basics of Cryptography in Web Applications
1. Understanding the role of cryptography in web applications.
2. Identifying improper use of cryptographic libraries.
3. Testing for hardcoded encryption keys in code.
4. Checking for sensitive data exposure due to lack of encryption.
5. Testing for weak encryption algorithms (e.g.
6. Verifying the use of strong cryptographic hash functions (e.g.
7. Identifying plaintext transmission of sensitive data over the network.
8. Testing for improper implementation of AES encryption modes (e.g.
9. Verifying the use of SSL/TLS for data transmission.
10. Checking for expired or weak SSL/TLS certificates.
11. Testing for misconfigured SSL/TLS settings.
12. Identifying use of outdated SSL/TLS versions (e.g.
13. Testing for improper certificate validation.
14. Checking for exposed private keys in repositories or configurations.
15. Testing for missing HSTS (HTTP Strict Transport Security) headers.
16. Verifying the use of secure cookies with proper attributes (Secure
17. Identifying insufficient randomness in cryptographic keys or tokens.
18. Testing for re-use of cryptographic keys across different applications.
19. Checking for lack of salting in password hashing.
20. Verifying implementation of PBKDF2
________________
21–40: Intermediate Cryptography Vulnerabilities
21. Testing for padding oracle attacks in AES-CBC encryption.
22. Verifying improper usage of RSA encryption (e.g.
23. Checking for improper configuration of Diffie-Hellman key exchange.
24. Identifying use of static or hardcoded IVs (Initialization Vectors).
25. Testing for improper key management practices.
26. Checking for cryptographic side-channel vulnerabilities.
27. Identifying unencrypted sensitive parameters in URLs.
28. Testing for lack of encryption for session tokens.
29. Verifying secure generation of random numbers for cryptographic purposes.
30. Checking for insecure usage of DES or 3DES algorithms.
31. Testing for improper cryptographic padding (e.g.
32. Verifying protection against downgrade attacks (e.g.
33. Identifying vulnerabilities in digital signature validation.
34. Testing for improper usage of JSON Web Tokens (JWT) signing algorithms.
35. Verifying JWT tokens with none algorithm.
36. Testing for missing or incorrect cryptographic checks in API calls.
37. Checking for improper key exchange mechanisms in APIs.
38. Verifying the use of TLS for backend-to-backend communication.
39. Identifying vulnerabilities in password recovery or reset mechanisms.
40. Testing for improper implementation of data integrity checks (e.g.
________________
41–60: Advanced Cryptography Vulnerabilities
41. Identifying misuse of Certificate Authority (CA) trust stores.
42. Testing for improperly implemented hybrid encryption schemes.
43. Verifying the use of ephemeral keys in cryptographic protocols.
44. Checking for issues in encrypted backups or file storage.
45. Testing for vulnerabilities in Web Crypto API implementations.
46. Verifying cryptographic parameters passed from the client-side.
47. Checking for missing forward secrecy in TLS configurations.
48. Testing for vulnerabilities in blockchain-based cryptography.
49. Verifying the use of quantum-resistant cryptographic algorithms.
50. Checking for improper cryptographic operation order (e.g.
51. Testing for broken or predictable key derivation functions.
52. Identifying vulnerabilities in third-party cryptographic libraries.
53. Testing for exposure of cryptographic secrets through logs.
54. Verifying the implementation of secure token generation mechanisms.
55. Checking for improper storage of encryption keys in memory.
56. Testing for vulnerabilities in time-based one-time password (TOTP) implementations.
57. Verifying secure use of elliptic curve cryptography (ECC).
58. Checking for improper usage of GCM mode for encryption.
59. Testing for replay attacks in encrypted communications.
60. Identifying cryptographic vulnerabilities in OAuth flows.
________________
61–80: Cryptography in Application-Specific Scenarios
61. Verifying cryptographic protections in mobile app communications.
62. Testing for cryptographic vulnerabilities in IoT devices.
63. Identifying insecure implementation of Transport Layer Security (TLS) pinning.
64. Verifying secure encryption of local storage data.
65. Testing for weak key exchange protocols in peer-to-peer applications.
66. Checking for cryptographic weaknesses in single sign-on (SSO) implementations.
67. Verifying secure implementation of digital rights management (DRM) systems.
68. Testing for vulnerabilities in encrypted email protocols (e.g.
69. Identifying cryptographic issues in serverless applications.
70. Testing for vulnerabilities in encrypted messaging apps.
71. Verifying secure storage of cryptographic keys in cloud environments.
72. Checking for cryptographic vulnerabilities in CI/CD pipelines.
73. Testing for weak encryption in document management systems.
74. Identifying vulnerabilities in encrypted video streaming protocols.
75. Verifying secure implementation of blockchain smart contracts.
76. Testing for cryptographic flaws in federated identity systems.
77. Verifying secure key storage in hardware security modules (HSMs).
78. Identifying improper use of tokenized payments.
79. Testing for cryptographic vulnerabilities in machine learning models.
80. Verifying secure use of homomorphic encryption.
________________
81–100: Cutting-Edge and Rare Cryptographic Vulnerabilities
81. Testing for quantum cryptographic vulnerabilities in web applications.
82. Identifying vulnerabilities in zero-knowledge proof implementations.
83. Testing for improper use of Secure Enclaves (e.g.
84. Verifying cryptographic protections in multi-party computation protocols.
85. Testing for flaws in attribute-based encryption systems.
86. Identifying vulnerabilities in encrypted voice-over-IP (VoIP) systems.
87. Testing for issues in end-to-end encryption implementations.
88. Verifying secure implementation of encrypted DNS protocols (e.g.
89. Checking for cryptographic weaknesses in electronic voting systems.
90. Identifying vulnerabilities in cryptographic watermarking.
91. Testing for flaws in blockchain-based identity verification systems.
92. Verifying secure use of ring signatures in cryptocurrency applications.
93. Testing for vulnerabilities in lattice-based cryptography.
94. Identifying improper usage of password-authenticated key exchange (PAKE) protocols.
95. Testing for weaknesses in threshold cryptographic schemes.
96. Verifying secure implementation of secure multi-signature systems.
97. Identifying vulnerabilities in encrypted real-time collaboration tools.
98. Testing for cryptographic vulnerabilities in edge computing.
99. Verifying secure use of post-quantum cryptographic algorithms.
100. Identifying vulnerabilities in encrypted biometric authentication systems.
________________
How to Use This List
1. Documentation: Organize each topic into your notebook with detailed explanations
2. Tools: Utilize tools like OpenSSL
3. Practice: Use sample vulnerable applications like Juice Shop or DVWA to explore real-world cryptographic issues.
4. Automation: Write scripts to automate common cryptographic checks and validation.
---
---
---
________________________________________________________________________________
________________________________________________________________________________
Risk Functionality
Here are the top 100 topics to find juicy information and vulnerabilities in risk functionality for web applications
________________
1–20: Basics of Risk Functionality in Web Applications
1. Identifying high-risk functionalities in web applications.
2. Understanding sensitive operations in the application workflow.
3. Testing for improper access control on critical actions.
4. Identifying risky administrative functions accessible to regular users.
5. Verifying sensitive data export functionality (e.g.
6. Testing for unrestricted file upload vulnerabilities.
7. Identifying exposed debug or diagnostic endpoints.
8. Verifying logout mechanisms for session termination.
9. Testing for lack of rate-limiting on sensitive actions.
10. Identifying unprotected mass deletion or modification actions.
11. Testing for insecure implementations of financial transactions.
12. Verifying protections on bulk data import/export functionalities.
13. Identifying bypasses for multi-factor authentication on risky actions.
14. Testing for improper logging of sensitive actions.
15. Verifying the presence of CSRF protections on high-risk functions.
16. Identifying vulnerable functionality for creating or deleting user accounts.
17. Testing for improper usage of reCAPTCHA on risky forms.
18. Verifying protections on password recovery/reset mechanisms.
19. Identifying unsafe options in configuration management panels.
20. Testing for misuse of sensitive email functionalities (e.g.
________________
21–40: Intermediate Risk Functionality Vulnerabilities
21. Identifying risky integrations with third-party services or APIs.
22. Testing for weak protections on payment processing systems.
23. Verifying protections on refund or chargeback functionalities.
24. Identifying vulnerabilities in subscription management systems.
25. Testing for insecure implementations of document signing workflows.
26. Identifying issues in high-risk operations involving cryptographic keys.
27. Testing for improper access to sensitive business logic APIs.
28. Verifying security of sensitive search functionalities (e.g.
29. Identifying weak protections on approval workflows (e.g.
30. Testing for bypasses in sensitive audit trail functionalities.
31. Identifying improper use of privileged escalation operations.
32. Testing for security issues in user impersonation features.
33. Verifying protections on content moderation or review workflows.
34. Identifying unsafe triggers for automated job scheduling.
35. Testing for lack of input validation in risky database queries.
36. Identifying risks in file-sharing or collaborative document editing functionalities.
37. Testing for vulnerabilities in sensitive custom APIs.
38. Verifying protections on discount or promotional code generation.
39. Identifying risks in application deployment workflows.
40. Testing for vulnerabilities in multi-user editing environments.
________________
41–60: Advanced Risk Functionality Vulnerabilities
41. Identifying risks in high-privilege user account recovery workflows.
42. Testing for vulnerabilities in critical infrastructure configuration changes.
43. Verifying protections for critical system backup functionalities.
44. Identifying risks in payment split or distribution mechanisms.
45. Testing for vulnerabilities in high-value API keys or tokens.
46. Identifying weak protections in sensitive file archival functionalities.
47. Verifying role-based access controls for high-risk operations.
48. Identifying risks in webhooks or callback URL processing.
49. Testing for bypasses in delegated access or OAuth flows.
50. Identifying risks in recurring billing systems.
51. Verifying protections in fraud detection workflows.
52. Testing for risks in sensitive machine learning model operations.
53. Identifying unsafe operations in system-wide notification mechanisms.
54. Testing for vulnerabilities in time-sensitive transactional workflows.
55. Identifying issues in sensitive caching mechanisms (e.g.
56. Verifying protections on sandboxed or test environments.
57. Testing for unsafe rollback or undo functionalities.
58. Identifying risks in dependency or package management systems.
59. Testing for issues in email or notification distribution lists.
60. Verifying secure handling of privileged API rate limits.
________________
61–80: Risk Functionality in Application-Specific Scenarios
61. Identifying risks in financial reporting or tax calculation tools.
62. Testing for vulnerabilities in sensitive dashboard functionalities.
63. Verifying protections on AI-powered decision-making features.
64. Identifying weak protections in high-value reward systems.
65. Testing for risks in sensitive customer account linking workflows.
66. Identifying vulnerabilities in large-scale data migration tools.
67. Verifying security in sensitive user analytics functionalities.
68. Testing for bypasses in secure chat or communication tools.
69. Identifying risks in automated customer onboarding systems.
70. Testing for vulnerabilities in API gateway configurations.
71. Verifying protections on audit logs for sensitive events.
72. Identifying risks in social media integration features.
73. Testing for vulnerabilities in sensitive geolocation services.
74. Verifying protections in access delegation workflows (e.g.
75. Testing for vulnerabilities in highly sensitive encryption key rotation processes.
76. Identifying risks in lifecycle management for critical resources.
77. Testing for issues in automated task assignment or reassignment features.
78. Verifying protections in end-to-end encrypted messaging functionalities.
79. Identifying risks in file preview functionalities for sensitive data.
80. Testing for vulnerabilities in sensitive workflow approval chains.
________________
81–100: Cutting-Edge and Rare Risk Functionality Vulnerabilities
81. Verifying protections in blockchain-based transaction processing.
82. Identifying vulnerabilities in decentralized identity management systems.
83. Testing for risks in sensitive real-time data streaming features.
84. Verifying protections on real-time high-value transaction reconciliation.
85. Identifying vulnerabilities in sensitive AR/VR application workflows.
86. Testing for risks in high-stakes predictive analytics functionalities.
87. Identifying unsafe implementations of quantum-safe cryptographic operations.
88. Verifying protections in IoT device control functionalities.
89. Testing for vulnerabilities in sensitive firmware update workflows.
90. Identifying risks in digital rights management (DRM) systems.
91. Testing for vulnerabilities in custom low-latency processing workflows.
92. Identifying risks in hybrid cloud-sensitive resource allocation tools.
93. Verifying protections in privilege escalation during critical system updates.
94. Identifying vulnerabilities in automated incident response mechanisms.
95. Testing for risks in AI-powered customer profiling systems.
96. Identifying risks in dynamic pricing systems for sensitive transactions.
97. Verifying protections in federated identity workflows with sensitive integrations.
98. Testing for risks in time-sensitive SLA-based service triggers.
99. Identifying vulnerabilities in sensitive cross-region synchronization features.
100. Testing for risks in real-time sensitive anomaly detection workflows.
________________
How to Use This List
1. Categorize: Divide these topics into high-priority and medium-priority risks based on your target application's features.
2. Document: Add notes
3. Tools: Use tools like Burp Suite
4. Prioritize: Focus on high-value functionalities such as financial transactions

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.github		.github
CyberSec Cheatsheet.txt		CyberSec Cheatsheet.txt
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CyberSecurity-Vulnerability-CheatSheet 🔐

Introduction 📖

Why Use This CheatSheet? 🤔

Table of Contents 📑

Topics in Detail

Wildcard Vulnerabilities 🌀

Domain Vulnerabilities 🌐

Information Gathering 🔍

Configuration Issues ⚙️

Transmission Flaws 🚦

Authentication Issues 🔐

Session Management 🔒

Authorization Issues 🚨

Validation Flaws ✅

Denial of Service (DoS) 🛑

Business Logic Issues 📊

Cryptography Vulnerabilities 🔏

How to Use This CheatSheet 🛠️

Who Is This For? 🎯

Contributing 🤝

License 📜

🌟 Let's Connect!

☕ Buy Me a Coffee

About

Releases

Sponsor this project

Packages

License

yogsec/CyberSecurity-Vulnerability-CheatSheet

Folders and files

Latest commit

History

Repository files navigation

CyberSecurity-Vulnerability-CheatSheet 🔐

Introduction 📖

Why Use This CheatSheet? 🤔

Table of Contents 📑

Topics in Detail

Wildcard Vulnerabilities 🌀

Domain Vulnerabilities 🌐

Information Gathering 🔍

Configuration Issues ⚙️

Transmission Flaws 🚦

Authentication Issues 🔐

Session Management 🔒

Authorization Issues 🚨

Validation Flaws ✅

Denial of Service (DoS) 🛑

Business Logic Issues 📊

Cryptography Vulnerabilities 🔏

How to Use This CheatSheet 🛠️

Who Is This For? 🎯

Contributing 🤝

License 📜

🌟 Let's Connect!

☕ Buy Me a Coffee

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Sponsor this project

Packages 0

Packages