This website works better with JavaScript
Strona główna
Odkrywaj
Pomoc
Zaloguj się
msc
/
cheatsheets
Obserwuj
1
Polub
0
Forkuj
0
Pliki
Problemy
0
Oczekujące zmiany
0
Wiki
Gałąź:
wip
Gałęzie
Tagi
master
wip
cheatsheets
/
checklists
/
web
/
web-application-audit.md
web-application-audit.md
986 B
Bezpośredni odnośnik
Historia
Czysty
title: Web Application Audit date: 2021-01-13 categories: [checklists]
tags: [web, audit]
Web Application Audit
Injection
SQLi
Local/Remote File Inclusion
Broken Auth
User Enumeration (Error messages/Response size/Timing)
No Brute-force Protections
Bad Password Policy
Bad Session Implementation
Sensitive Data
Non-existant/Insufficient Crypto
SSL Scan for Bad Crypto
Bad Storage of Sensitive Data
Directory/File Discovery/Fuzzing
XXE
XXE
Broken Access Control
Access Unintended Data
Direct/Hidden Links/Requests
Bad Config
Headers
Cookies
Error Messages/Stack Traces
Directory Traversal
Directory/File Discovery/Fuzzing
Malicious File Upload
XSS
Persistent XSS
DOM XSS
Reflected XSS
Insecure Deserialisation
Insecure Deserialisation
Vulnerable Components
Outdated/Vulnerable Software