Web Testing Checklist

This web testing checklist covers the vulnerability classes to check when evaluating the security of a web application. Each item names the weakness and states what to test for.

Cross-Site Scripting (XSS)
Test for XSS vulnerabilities, where untrusted input (reflected, stored, or handled client-side in the DOM) reaches a page as unescaped HTML or script and runs in other users' browsers.
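The core of the test is whether attacker text survives into the page as markup. The following is an added example, not code from the original checklist: a constructed payload (PAYLOAD) rendered by a deliberately vulnerable template beside the hardened version that encodes for the HTML body, attribute and URL contexts. The render_* and contains_active_markup names are illustrative, not a library API.

```python
import html
from urllib.parse import quote

# Constructed attacker input: closes the surrounding attribute/tag, then injects a script.
PAYLOAD = '"><script>alert(1)</script>'


def render_unsafe(name: str) -> str:
    # Vulnerable: untrusted input is concatenated straight into the HTML body.
    return f"<p>Hello <b>{name}</b></p>"


def render_safe(name: str) -> str:
    # Hardened: entity-encode for the HTML body context (quote=True also encodes " and ').
    return f"<p>Hello <b>{html.escape(name, quote=True)}</b></p>"


def render_attr_unsafe(value: str) -> str:
    # Vulnerable: the payload's leading quote terminates the attribute early.
    return f'<input value="{value}">'


def render_attr_safe(value: str) -> str:
    # Hardened: inside a quoted attribute, entity encoding with quote=True is sufficient.
    return f'<input value="{html.escape(value, quote=True)}">'


def render_url_safe(query: str) -> str:
    # URL context: percent-encode the parameter and keep the scheme/path fixed by the template.
    return f'<a href="/search?q={quote(query, safe="")}">search</a>'


def contains_active_markup(fragment: str) -> bool:
    """Crude tester's oracle: did attacker text survive as a tag or attribute boundary?"""
    return "<script" in fragment.lower() or '"><' in fragment
```

Encoding must match the context the value lands in: the body/attribute encoder above is not safe inside an inline <script> block or an event handler, where a JavaScript-context encoder (or, better, no interpolation at all) is required.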

SQL Injection
Check for SQL injection vulnerabilities where malicious SQL statements can be inserted into application queries.

Cross-Site Request Forgery (CSRF)
Test for CSRF vulnerabilities where unauthorized commands are transmitted from a user that the web application trusts.
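The following is an added example, not code from the original checklist. It models a money-transfer endpoint as a function over a constructed request dict (method, cookies, form) and contrasts a handler that trusts the session cookie alone with one that also demands a synchronizer token bound to the session by an HMAC; SECRET_KEY, the transfer_* handlers and forged_request are illustrative names.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)   # assumed server-side key, never sent to the client


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: a random nonce plus an HMAC binding it to this session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison


def transfer_unsafe(request: dict) -> str:
    # Vulnerable: the browser attaches the session cookie to cross-site form posts
    # too, so a cookie check alone cannot tell a forged request from a real one.
    if "session" not in request["cookies"]:
        return "401 unauthenticated"
    return f"200 sent {request['form']['amount']} to {request['form']['to']}"


def transfer_safe(request: dict) -> str:
    if request["method"] != "POST":
        return "405 state changes require POST"       # GET must never change state
    session_id = request["cookies"].get("session")
    if not session_id:
        return "401 unauthenticated"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", "")):
        return "403 CSRF token missing or invalid"
    return f"200 sent {request['form']['amount']} to {request['form']['to']}"


def forged_request(victim_session_id: str) -> dict:
    """Constructed cross-site auto-submitting form: the victim's cookie rides along,
    but the attacker's page cannot read the token embedded in the victim's page."""
    return {
        "method": "POST",
        "cookies": {"session": victim_session_id},
        "form": {"to": "attacker", "amount": "1000"},
    }
```

Pair the token with SameSite=Lax or Strict on the session cookie and an Origin/Referer check as defence in depth. Note the dependency on the XSS item: a script injection on the same origin can read the token and defeats this protection.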

Broken Authentication
Check for vulnerabilities in authentication mechanisms that could allow attackers to impersonate legitimate users.
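The following is an added example, not code from the original checklist. It contrasts an authentication service with the defects a tester looks for (plaintext storage, == comparison, error messages that reveal which usernames exist, unlimited guessing) against one using salted PBKDF2-HMAC-SHA256, constant-time comparison, one generic failure message, equal work for unknown users, and a lockout. The class names, MAX_FAILED_ATTEMPTS and the message text are assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000   # current OWASP guidance for PBKDF2-HMAC-SHA256
MAX_FAILED_ATTEMPTS = 5       # assumed lockout threshold for this example
GENERIC_FAILURE = "invalid username or password"


def hash_password(password: str) -> str:
    """Salted, iterated hash; the stored string carries algorithm, cost and salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time comparison


class UnsafeAuth:
    """Anti-pattern: plaintext storage, '==' comparison, enumerating messages, no lockout."""

    def __init__(self):
        self.users = {}

    def register(self, username, password):
        self.users[username] = password

    def login(self, username, password):
        if username not in self.users:
            return (False, "no such user")       # confirms which usernames exist
        if self.users[username] != password:
            return (False, "wrong password")
        return (True, "ok")


class HardenedAuth:
    def __init__(self):
        self.users = {}
        self.failures = {}
        # Verified for unknown users so their logins cost the same time as real ones.
        self._dummy_hash = hash_password(secrets.token_hex(16))

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def login(self, username, password):
        if self.failures.get(username, 0) >= MAX_FAILED_ATTEMPTS:
            return (False, GENERIC_FAILURE)
        stored = self.users.get(username, self._dummy_hash)
        ok = verify_password(password, stored) and username in self.users
        if not ok:
            self.failures[username] = self.failures.get(username, 0) + 1
            return (False, GENERIC_FAILURE)
        self.failures.pop(username, None)
        return (True, secrets.token_urlsafe(32))   # fresh, unguessable session token
```

When testing, also check that the session token is regenerated on login (session fixation), that logout invalidates it server-side, and that password reset flows do not leak the same enumeration signal the login page was fixed to avoid.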

Security Misconfiguration
Identify security misconfigurations in the application or its infrastructure: default credentials, verbose error pages, unnecessary services or features left enabled, missing security headers, and cookies without protective flags.

Insecure Deserialization
Test for vulnerabilities related to insecure deserialization of user-supplied data.
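The following is an added example, not code from the original checklist. It shows why unpickling a client-supplied value is code execution: a constructed Gadget class uses __reduce__ to make pickle call a function at load time (a stand-in for os.system in a real payload), then two mitigations, an Unpickler that refuses every global and, the actual fix, a data-only JSON format with shape validation. EXECUTED, Gadget and the load_session_* names are illustrative.

```python
import base64
import io
import json
import pickle

EXECUTED = []   # records side effects so the demo can prove code ran during load


def record_execution(marker):
    EXECUTED.append(marker)
    return marker


class Gadget:
    """Stand-in for an attacker-chosen gadget: __reduce__ tells pickle which callable
    to invoke, with which arguments, when the object is reconstructed."""

    def __reduce__(self):
        return (record_execution, ("attacker code ran during unpickling",))


def attacker_cookie() -> str:
    """Constructed malicious 'session cookie' as the client would send it."""
    return base64.b64encode(pickle.dumps(Gadget())).decode()


def load_session_unsafe(cookie: str):
    # Vulnerable: the gadget runs inside pickle.loads, before any validation could happen.
    return pickle.loads(base64.b64decode(cookie))


class NoGlobalsUnpickler(pickle.Unpickler):
    """Mitigation only: refuses every global lookup, so no callable can be named."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_session_restricted(cookie: str):
    return NoGlobalsUnpickler(io.BytesIO(base64.b64decode(cookie))).load()


SESSION_SCHEMA = {"user_id": int, "role": str}


def load_session_safe(cookie: str) -> dict:
    """Fix: a data-only format plus shape validation; nothing in the input can name code."""
    try:
        data = json.loads(base64.b64decode(cookie))
    except ValueError as exc:   # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("malformed session") from exc
    if not isinstance(data, dict) or set(data) != set(SESSION_SCHEMA):
        raise ValueError("unexpected session fields")
    for key, typ in SESSION_SCHEMA.items():
        if not isinstance(data[key], typ) or isinstance(data[key], bool):
            raise ValueError(f"bad type for {key}")
    return data


def make_safe_cookie(user_id: int, role: str) -> str:
    return base64.b64encode(json.dumps({"user_id": user_id, "role": role}).encode()).decode()


def is_rejected(loader, cookie: str) -> bool:
    """Test helper: True if the loader refuses the cookie instead of returning a value."""
    try:
        loader(cookie)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False
```

A client-controlled value should additionally be integrity-protected (an HMAC over the cookie, as in the CSRF example) so that tampered data is rejected before it is even parsed; that does not make pickle safe, because the secret can leak, but it removes the easiest path.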

XML External Entity (XXE) Injection
Check for XXE vulnerabilities in XML parsing that could lead to sensitive data disclosure or server-side request forgery.
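The following is an added example, not code from the original checklist. A constructed document declares an internal entity; the stock ElementTree parse expands it, which is the same mechanism an external entity (SYSTEM "file:///..." or an internal URL) rides on. The hardened parser drives expat directly and vetoes any DOCTYPE, which removes entity declarations, and with them XXE and entity-expansion bombs, in one step. DoctypeForbidden and the parse_note_* names are illustrative.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET

# Constructed document: an internal entity demonstrates that DTD-declared entities
# are honoured. An external entity would read SYSTEM "file:///etc/passwd" instead.
ENTITY_DOC = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY note "injected-via-entity">
]>
<order><note>&note;</note></order>"""

PLAIN_DOC = "<order><note>hello</note></order>"


class DoctypeForbidden(ValueError):
    pass


def parse_note_unsafe(xml_text: str) -> str:
    """Stock ElementTree: entities declared in the internal DTD subset are expanded."""
    return ET.fromstring(xml_text).findtext("note")


def parse_note_safe(xml_text: str) -> str:
    """Expat with a DOCTYPE veto: no DTD means no entity declarations at all."""
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeForbidden(f"DOCTYPE {name!r} rejected")

    parser.StartDoctypeDeclHandler = forbid_doctype
    # Belt and braces: returning 0 makes expat abort rather than fetch an external entity.
    parser.ExternalEntityRefHandler = lambda context, base, system_id, public_id: 0

    found, path = [], []

    def start(name, attrs):
        path.append(name)

    def end(name):
        path.pop()

    def chars(data):
        if path and path[-1] == "note":
            found.append(data)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_text, True)
    return "".join(found)
```

Defaults differ between parsers and versions (CPython's xml.sax stopped fetching external general entities by default in 3.7.1; lxml and many Java parsers have their own switches), so test each parser the application actually uses rather than assuming; in production code a hardened wrapper such as defusedxml is the simpler choice.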

Server-Side Request Forgery (SSRF)
Test for SSRF vulnerabilities where an attacker can make the server perform unintended network requests.
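The following is an added example, not code from the original checklist. It validates a user-supplied URL before the server fetches it: scheme and host allowlist, no userinfo trick (http://allowed-host@127.0.0.1/), port restriction, and a check that every resolved address is public, with IPv4-mapped IPv6 addresses unwrapped so ::ffff:127.0.0.1 is judged as loopback. ALLOWED_HOSTS, ALLOWED_PORTS and the fake_resolve lookup table are assumptions for the example; the resolver is injected so the check runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.com"}   # assumed allowlist of legitimate upstreams
ALLOWED_PORTS = {None, 80, 443}

# Constructed DNS answers standing in for a real resolver.
FAKE_DNS = {"api.example.com": ["93.184.216.34"]}


def fake_resolve(hostname: str):
    return FAKE_DNS.get(hostname, [])


def is_public_address(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped   # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url: str, resolve=fake_resolve):
    """Returns (ok, detail). On success detail is the validated IP the caller should
    connect to directly, sending the original hostname in the Host header."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return (False, "unparseable URL")
    if parts.scheme not in ("http", "https"):
        return (False, f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        return (False, "userinfo in URL")          # http://api.example.com@127.0.0.1/
    host = parts.hostname
    if not host:
        return (False, "missing host")
    if host not in ALLOWED_HOSTS:
        return (False, f"host {host!r} not in allowlist")
    try:
        port = parts.port
    except ValueError:
        return (False, "invalid port")
    if port not in ALLOWED_PORTS:
        return (False, f"port {port} not allowed")
    addrs = resolve(host)
    if not addrs:
        return (False, "hostname did not resolve")
    for addr in addrs:
        if not is_public_address(addr):
            return (False, f"{host} resolves to non-public address {addr}")
    return (True, addrs[0])
```

Two caveats a tester should probe even with this check in place: DNS rebinding (the name resolves to a public address during validation and to an internal one at connect time), which is why the validated IP is returned for the caller to pin, and redirects, which the HTTP client must not follow automatically without re-running the validation on the new location.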

Clickjacking
Test for clickjacking vulnerabilities where an attacker can trick a user into clicking on something different from what the user perceives.
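The following is an added example, not code from the original checklist, serving both the Security Misconfiguration and the Clickjacking items: an audit over a response's headers and Set-Cookie values. It flags a page that can be framed by any origin (no CSP frame-ancestors and no valid X-Frame-Options, or a wildcard frame-ancestors), plus the header-level misconfigurations a tester checks alongside it (no HSTS, no nosniff, version-bearing Server or X-Powered-By banners, cookies without Secure/HttpOnly/SameSite). The WEAK_* and HARDENED_* responses are constructed; audit_response is an illustrative name.

```python
import re

# Constructed responses for the demo.
WEAK_HEADERS = {"Server": "Apache/2.4.49", "Content-Type": "text/html"}
WEAK_COOKIES = ["session=abc123; Path=/"]

HARDENED_HEADERS = {
    "Server": "nginx",
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}
HARDENED_COOKIES = ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]


def _csp_directive(csp: str, name: str):
    """Value tokens of one CSP directive, or None if the directive is absent."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == name:
            return [t.lower() for t in tokens[1:]]
    return None


def audit_response(headers: dict, set_cookies=()) -> list:
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # Clickjacking: frame-ancestors takes precedence where supported; X-Frame-Options is the fallback.
    ancestors = _csp_directive(h.get("content-security-policy", ""), "frame-ancestors")
    xfo = h.get("x-frame-options", "").strip().upper()
    if ancestors is None:
        if xfo not in ("DENY", "SAMEORIGIN"):
            findings.append("clickjacking: no frame-ancestors directive and X-Frame-Options missing or unsupported")
    elif any(t in ("*", "http:", "https:") for t in ancestors):
        findings.append("clickjacking: frame-ancestors permits any origin")

    # Misconfigurations visible in headers.
    if "strict-transport-security" not in h:
        findings.append("misconfig: Strict-Transport-Security missing")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("misconfig: X-Content-Type-Options nosniff missing")
    for banner in ("server", "x-powered-by"):
        if banner in h and re.search(r"\d", h[banner]):
            findings.append(f"misconfig: {banner} header discloses a version ({h[banner]})")

    # Cookie flags.
    for cookie in set_cookies:
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
        if missing:
            findings.append(f"misconfig: cookie {name} lacks {', '.join(missing)}")

    return findings
```

Headers are only the observable part of this item: a tester also tries default credentials on admin interfaces, triggers errors to look for stack traces, and checks for directory listing and debug endpoints, none of which a header audit can see.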

Insecure Direct Object References (IDOR)
Test for IDOR vulnerabilities where an attacker can manipulate references to access unauthorized data.
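The following is an added example, not code from the original checklist. It models the two-account test a pentester runs: log in as one user, walk the (sequential) id space of another user's resources, and record what comes back. A lookup with no ownership check hands over every record; the hardened lookup scopes the query to the current user and returns the same not-found response for missing and foreign ids, so the endpoint cannot be used as an enumeration oracle. The Invoice data and the get_invoice_*/probe names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount: float


# Constructed sample data; sequential ids make the id space trivial to walk.
INVOICES = {
    1001: Invoice(1001, owner_id=1, amount=120.0),
    1002: Invoice(1002, owner_id=2, amount=900.0),
    1003: Invoice(1003, owner_id=2, amount=45.5),
}


class NotFound(Exception):
    pass


def get_invoice_unsafe(current_user_id: int, invoice_id: int) -> Invoice:
    # Vulnerable: authentication happened upstream, but the reference is never
    # checked against the caller, so any logged-in user can read any invoice.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_safe(current_user_id: int, invoice_id: int) -> Invoice:
    # Hardened: the lookup is scoped to the caller. Missing and foreign records get
    # the same response, so the tester cannot learn which ids exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != current_user_id:
        raise NotFound(invoice_id)
    return invoice


def probe(fetch, user_id: int, id_range) -> list:
    """Tester's harness: which ids can this user read through the given endpoint?"""
    readable = []
    for invoice_id in id_range:
        try:
            fetch(user_id, invoice_id)
        except NotFound:
            continue
        readable.append(invoice_id)
    return readable
```

Unguessable identifiers (UUIDs) slow down the walk but are not an authorization check; the ownership test above is what actually closes the finding, and it has to be applied to every verb (read, update, delete, export), not just the one that was reported.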

© 2023 Pentesting Checklists by RFS. All rights reserved.