App Security Testing
Authentication Checks
1. Login and Change Password pages on SSL?
2. All sensitive pages (accepting SSN, Credit Card) over SSL?
3. Strong password policy? (Joe accounts / blank passwords / max password age / min password age, etc.)
4. Is the Forgot Password page secure?
5. Password change forced on first login?
6. Re-authenticate before moving to sensitive pages (Edit Account Info)?
7. Prompts for the old password before changing the password?
8. Has a "Remember Me" feature? If so, how is the password stored?
9. Warns before allowing "Remember Me"?
10. Has a CAPTCHA to prevent password guessing?
11. Does it show error messages like "Invalid User" / "Invalid Password"?
12. Can authentication be bypassed for privileged URLs?
13. Is AutoComplete set to OFF?
14. Is the password re-submitted on browser Back/Refresh?
15. SQL injection in login?
Session Management
1. Is the session id random enough?
2. Session timeout present?
3. Stored in what form? (persistent cookie / in-memory cookie)
4. Session id expires on request tampering?
5. Sensitive data in cookie?
6. Can you see user X's data with user Y's session id?
7. Session expires at server side on logout?
8. Can a logged-out user's session be re-used?
9. Is a new session id generated on login?
10. Is the cookie over-written on logout?
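As an added example (not part of the slides), a reference session store that satisfies checks 1, 2, 7, 8 and 9 above, plus a rough per-position entropy estimate a tester can run over a captured sample of ids when judging check 1. The 15-minute idle timeout and the 64-bit acceptance threshold are assumed values chosen for the demo.

```python
import math
import secrets
import time
from collections import Counter

IDLE_TIMEOUT = 15 * 60   # seconds; assumed policy value for this demo
MIN_ENTROPY_BITS = 64    # assumed acceptance threshold for a sampled id set


class SessionStore:
    """Server-side store: ids come from the OS CSPRNG, a new id is issued on
    login, and logout/timeout delete the entry so a replayed cookie fails."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so timeout can be tested
        self._sessions = {}      # sid -> {"user": str | None, "last_seen": float}

    def create(self):
        sid = secrets.token_urlsafe(32)   # 256 random bits, URL-safe encoded
        self._sessions[sid] = {"user": None, "last_seen": self._now()}
        return sid

    def login(self, pre_auth_sid, user):
        # Check 9: discard the pre-auth id and issue a fresh one on login.
        self._sessions.pop(pre_auth_sid, None)
        sid = self.create()
        self._sessions[sid]["user"] = user
        return sid

    def lookup(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._now() - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]       # check 2: idle timeout, server-side
            return None
        entry["last_seen"] = self._now()
        return entry["user"]

    def logout(self, sid):
        # Checks 7 and 8: the server forgets the id, so re-use is impossible.
        self._sessions.pop(sid, None)


def estimate_entropy_bits(ids):
    """Check 1 helper: sum of per-character-position Shannon entropies over a
    sample of ids. Counters, timestamps and sequential ids score low; the
    estimate is capped by log2(len(ids)) per position, so sample a few hundred."""
    n = len(ids)
    width = min(len(i) for i in ids)
    total = 0.0
    for pos in range(width):
        for count in Counter(i[pos] for i in ids).values():
            total -= count / n * math.log2(count / n)
    return total


def id_sample_acceptable(ids):
    return estimate_entropy_bits(ids) >= MIN_ENTROPY_BITS
```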
SQL Injection Checks
1. SQL Injection: '
2. SQL Injection: ' OR 1=1 --
3. SQL Injection: '; waitfor delay '00:00:05'--
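As an added example (not code from the slides), checks 1 and 2 above run against a constructed SQLite user table: the concatenating login query beside its parameterised replacement, so the bypass and the leaked database error can be seen and then confirmed fixed. The table, user name and password are constructed for the demo.

```python
import hmac
import sqlite3


def make_db():
    """Constructed in-memory user table. Storing the password in clear text is
    itself a Secure Storage finding; it is kept here only so the injection
    shows up in a single query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Legacy pattern: user input concatenated straight into the SQL text."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(db, username, password):
    """Parameterised lookup plus constant-time compare. Unknown user and wrong
    password take the same path and return the same result, which also covers
    the 'Invalid User' vs 'Invalid Password' message check on slide 2."""
    row = db.execute("SELECT id, password FROM users WHERE username = ?",
                     (username,)).fetchone()
    stored = row[1] if row else ""
    ok = hmac.compare_digest(stored.encode(), password.encode())
    return row[0] if (row and ok) else None


PAYLOAD = "' OR 1=1 --"   # check 2 on this slide


def vulnerable_leaks_error(db):
    """Check 1: a lone quote breaks the concatenated query; if the exception is
    not caught, the raw database error reaches the client."""
    try:
        login_vulnerable(db, "'", "x")
        return False
    except sqlite3.OperationalError:
        return True


def run_checks():
    db = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(db, PAYLOAD, "anything") is not None,
        "hardened_bypassed": login_hardened(db, PAYLOAD, "anything") is not None,
        "hardened_valid": login_hardened(db, "alice", "correct horse") == 1,
    }
```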
XSS Checks
1. XSS JavaScript
2. XSS Encoded
3. XSS Cookie
4. Is CSRF possible?
Input Validation Checks
1. Use a proxy to bypass client-side validation?
2. Generate errors for information disclosure?
3. Web page source reveals sensitive application information?
4. HTTP header manipulation
5. ViewState manipulation
6. GET and POST parameter manipulation
Secure Storage Checks
1. Are passwords stored in clear text?
2. Is sensitive information like credit card numbers encrypted?
3. What encryption algorithm is used? Standard or proprietary?
4. Is the connection string in clear text?
5. Any passwords hard-coded in the application?
Browser Checks
1. Check browser history: are sensitive pages cached?
2. Is data cached by search engines or a desktop search engine?
3. Any hard-coded secrets in JavaScript?
4. Web page code reveals sensitive comments?
File Checks
1. Is file upload/download allowed?
2. Can files be downloaded directly from a URL?
3. Can malicious files be uploaded?
Environment Checks
1. Are default apps installed?
2. Are default accounts enabled? Do they have strong passwords?
3. Is a firewall deployed?
4. Is code obfuscated?
5. Can server details be detected using banner grabbing?
6. Are forms bot resistant?
Tools
- Paros
- Burp Suite
- WebScarab
- Grendel-Scan
- Wireshark