Web Application Penetration Testing




Certifications and Course (Paid)


Security Standards


Information Gathering and Reconnaissance


Directory Enumeration


Burp Suite


  • Vulnerabilities and Security issues

| S.No. | Vulnerability | Reference |
|---|---|---|
| 1 | Missing Strict Transport Security Header | |
| 2 | Missing Content Security Policy | |
| 3 | Missing X-Frame-Options | ClickJacking |
| 4 | Missing X-Content-Type-Options | |
| 5 | Unencrypted Communication | HacksPlaining; Marking HTTP as non-secure |
| 6 | Information Leakage | Web Security Academy - Information disclosure; Web Banner |
| 7 | Outdated Component | Vulnerable and Outdated Components |
| 8 | Insecure HTTP Method enabled | TRACE Method; OPTIONS Method |
| 9 | Cross Site Request Forgery | Web Security Academy - CSRF; PwnFunction - Cross-Site Request Forgery |
| 10 | OS Command Injection | |
| 11 | Code Injection | |
| 12 | Cross Site Scripting | |
| 13 | SQL Injection | |
| 14 | Weak Password Policy | |
| 15 | Privilege Escalation; Insecure Direct Object Reference | |
| 16 | Missing Cookie Flags | |
| 17 | User Enumeration | |
| 18 | Missing Rate Limit/BruteForce | |
| 19 | Host Header Injection; Password Reset Poisoning | |
| 20 | Insecure File Upload | |
| 21 | Directory Traversal | |
| 22 | LFI | |
| 23 | RFI | |
| 24 | HTTP Parameter Pollution | |
| 25 | Session Fixation | |
| 26 | Session Expiration | |
| 27 | JWT Token | Web Security Academy - JWT Attacks |
| 28 | Cross Origin Resource Sharing | |
| 29 | XML external entity (XXE) injection | |
| 30 | Server-side request forgery (SSRF) | |
| 31 | Captcha Bypass | |
| 32 | OTP Bypass; 2FA Bypass | |
| 33 | Authentication | |
| 34 | Open Redirect | |
| 35 | OAuth | |
| 36 | Business logic | Web Security Academy - Business logic |