Website Penetration Testing Checklists

May 27, 2015

Given the proven complexity of web services, it is important for a penetration tester to be adaptable to each site’s specific architecture and service parameters. At the same time, the testing process must be applied consistently and ensure that nothing is missed. Several methodologies have been proposed to accomplish these goals. The most widely accepted one is the Open Web Application Security Project (OWASP) (www.owasp.org) and its list of the top 10 vulnerabilities.

As a minimum standard, OWASP has provided a strong direction to testers. However, focusing on only the top 10 vulnerabilities is short-sighted, and the methodology has demonstrated some gaps, particularly when applied to finding vulnerabilities in the logic of how an application should work to support business practices.

In practice, the following activities specific to web service reconnaissance deserve particular attention:

  • Identifying the target site, especially with regard to where and how it is hosted.
  • Enumerating the site directory structure and files of the target website, including determining if a content management system (CMS) is in use. This may include downloading the website for offline analysis, including document metadata analysis, and using the site to create a custom wordlist for password cracking (using a program such as crunch). It also ensures that all support files are identified.
  • Identifying the authentication and authorization mechanisms and determining how the session state is maintained during a transaction with that web service. This will usually involve an analysis of cookies and how they are used.
  • Enumerating all forms. As these are the primary means for a client to input data and interact with the web service, these are the specific locations for several exploitable vulnerabilities, such as SQL injection attacks and cross-site scripting.
  • Identifying other areas that accept input, such as pages that allow for file upload as well as any restrictions on accepted upload types.
  • Identifying how errors are handled, and the actual error messages that are received by a user; frequently, the error will provide valuable internal information such as the version of software used, or internal file names and processes.
  • Determining which pages require and maintain Secure Sockets Layer or other secure protocols.
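
The session-state, version-disclosure and secure-transport items above can be checked against response headers recorded during a test. The following is an added example, not code from the original post: the hosts, headers and cookie values are constructed, and the rule for recognising a session cookie by its name is an assumption.

```python
import re

# Constructed sample: response headers recorded per page during a test.
SAMPLE_RESPONSES = {
    "http://shop.example/login": [
        ("Server", "Apache/2.4.7 (Ubuntu)"),
        ("X-Powered-By", "PHP/5.5.9"),
        ("Set-Cookie", "PHPSESSID=k3j2h1; path=/"),
    ],
    "https://shop.example/account": [
        ("Server", "nginx"),
        ("Set-Cookie", "sid=9f8e7d; Path=/; Secure; HttpOnly; SameSite=Lax"),
        ("Set-Cookie", "theme=dark; Path=/"),
    ],
}

# Assumption: cookies whose names look like these carry session state.
SESSION_NAME = re.compile(r"sess|sid|auth|token", re.I)
# A slash followed by a dotted number, as in "Apache/2.4.7".
VERSION = re.compile(r"/\d+(\.\d+)+")

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit(url, headers):
    """List session-handling and disclosure findings for one response."""
    findings = []
    for key, value in headers:
        k = key.lower()
        if k in ("server", "x-powered-by") and VERSION.search(value):
            findings.append(f"{key} discloses version: {value}")
        elif k == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if not SESSION_NAME.search(name):
                continue  # non-session cookies are out of scope here
            if not url.startswith("https://"):
                findings.append(f"session cookie {name} set over plain HTTP")
            for flag in ("secure", "httponly", "samesite"):
                if flag not in attrs:
                    findings.append(f"session cookie {name} missing {flag}")
    return findings

if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES.items():
        for finding in audit(url, headers):
            print(url, "->", finding)
```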

GusKhawaja
Gus Khawaja is a security consultant, as well as an author in cybersecurity. Gus holds a BS degree in Computer Science and has worked in IT security and web application development. Gus has successfully delivered and developed IT solutions for companies in Canada. He is passionate about technology and loves what he’s doing. After many years of experience in computer science, he has turned his attention to cyber security and the importance that security brings to this minefield. His passion for ethical hacking mixed with his background in programming and IT makes him a wise Swiss knife professional in the computer science field.


© Copyright Ethical Hacking Blog