Skip to content
This repository has been archived by the owner on May 3, 2019. It is now read-only.

Zawadidone/webhacking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
Assesment
Assesment
 
 
BurpSuite
BurpSuite
 
 
Others
Others
 
 
Resources
Resources
 
 
Technologies
Technologies
 
 
README.md
README.md
 
 

Repository files navigation

WebHacking

Task Checklist

Recon and analysis

  • Harvesting public information
  • Automated discovery
  • Automated application discovery

Session management

  • Session fixation
  • Weak session token quality
  • Weak session token management
  • Weak logout
  • Cross-site request forgery
  • Weak CORS
  • Session token protection
  • No session timeout
  • Session encryption (SSL/TLS)

Authentication

  • Password strength enforcement
  • Authentication bypass
  • Unauthenticated URL access
  • Password brute force
  • Default account(admin)

Authorization

  • Insecure authorization design
  • Only client side authorization
  • Variable manipulation
  • Direct access to resources
  • IDOR

Client side attacks

  • Reflected XSS
  • Stored XSS
  • DOM based XSS
  • Wrong content-type
  • HTTP header injection
  • Malicious URL redirect
  • Clickjacking

Miscellaneous tests

  • LFI/RFI
  • SSRF
  • XML external entity injection
  • OS command injection
  • SQL injection
  • Malicious file upload

Information disclosure

  • Backup files
  • Leaking stackt-traces
  • Comments
  • Path disclosure
  • Directory listing

FAQ

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published