Web Application Vulnerabilities Checklist
Parameter Checklist
• URL request
• URL encoding
• Query string
• Header
• Cookie
• Form field
• Hidden field
• Client-side validation
• ‘Tainted’ parameters
• Min/Max lengths
• Concatenated commands
Credential Management
• Password storage
• Password change
• User update section
• Password strength
• Lockout policy
• Login attempts allowed
Session Management
• Token protection
• Session duration
• Idle time duration
• Guess session ID format
• Transferred in URL or body?
• Is the session ID linked to the IP address?
• Change Referer header
Backend Authentication
• Trust relationships
• Encryption
• Plaintext password in HTML
• Password in configuration file
XSS
• Which type: stored or reflected?
• Check 404/500 error pages for returned (reflected) information
• Input validation
Misconfiguration
• Nikto results
• Nessus results
• Patch level
• Directory listing
• Directory permissions
• Error messages
• Default username/password
• SSL certificate configuration
• Debug or configuration files
• Check for latest vulnerabilities
Unwanted
• Backup files
• Default files
• Services
• Remote admin access
Flaws in access control?
• Check for path traversal
• Client-side caching
• Check headers
• Check meta tags
• Determine file permissions
SQL injection
• Mirror website and search for all input parameters
• Gain database-related information
• Error messages
• Privileges given to the web server or database
OS calls
• Using any interpreter?
• OS service calls (e.g. Sendmail)
• Mirror and search code for all calls to external sources
• Privileges given to other services and the web server
Complete check of information returned in error messages
• Guess application logic through error codes and messages
• Deconstruction of binary codes (if any)
• Is critical data secured and encrypted?
Examine
• Token
• Cookie
• SSID
• Serialized objects
Access points
• Regular users
• Admin access
• Any other?
• Ability to brute force at the discovered access points
• Ability to bypass authentication with spoofed tokens
• Ability to conduct a replay attack
• Forced browsing: does the application keep a check by tracking the requests from each user?