Web App Penetration Testing for Beginners:
1. Testing for browser cache weaknesses // Assessing Authentication Schemes // Web App Penetration
2. Testing for account enumeration and guessable accounts // Assessing Authentication Schemes
3. Testing for weak lock-out mechanisms // Assessing Authentication Schemes // Web App Penetration
4. Account provisioning process via REST API // Assessing Authentication Schemes // Web App Penetration
5. Bypassing authentication schemes // Assessing Authentication Schemes // Web App Penetration
6. Testing for directory traversal // Directory traversal // OWASP Mutillidae
7. Assessing Authorization Checks // Local File Include (LFI) // OWASP Mutillidae
8. Assessing Authorization Checks // Remote File Inclusion (RFI) // OWASP Mutillidae
9. Assessing Authorization Checks // Privilege escalation // OWASP Mutillidae
10. Assessing Authorization Checks // Insecure Direct Object Reference (IDOR) // OWASP Mutillidae
11. Testing session token strength using Sequencer // Assessing Session Management Mechanisms
12. Testing for cookie attributes // Assessing Session Management Mechanisms
13. Testing for session fixation // Assessing Session Management Mechanisms
14. Testing for exposed session variables // Assessing Session Management Mechanisms
15. Testing for Cross-Site Request Forgery // Assessing Session Management Mechanisms
16. Business logic data validation // Assessing Business Logic
17. Unrestricted file upload — bypassing weak validation // Assessing Business Logic
18. Performing process-timing attacks // Assessing Business Logic
19. Circumvention of work flows // Assessing Business Logic
21. Uploading malicious files — polyglots // Assessing Business Logic
22. Testing for reflected cross-site scripting // Evaluating Input Validation Checks
23. Testing for stored cross-site scripting // Evaluating Input Validation Checks
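The list above names the checks but does not show how any of them is carried out. As an added example for item 12 ("Testing for cookie attributes"), the script below is not part of the course material: it parses `Set-Cookie` header values and flags the weaknesses a tester looks for (missing `Secure`, `HttpOnly` or `SameSite`, `SameSite=None` without `Secure`, a persistent session cookie, and a `Domain` attribute that shares the cookie with every subdomain). The header strings in `SAMPLE_HEADERS` are constructed for the example, not captured from any real application, and the session-name hints in `SESSION_NAME_HINTS` are an assumption about common session cookie names.

```python
"""Audit Set-Cookie headers for missing hardening attributes.

Added example for "Testing for cookie attributes"; SAMPLE_HEADERS below are
constructed for illustration, not captured from a real target.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumed substrings that usually mark a session/authentication cookie.
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth", "jsessionid", "phpsessid")


@dataclass
class CookieAudit:
    name: str
    attributes: dict
    findings: list = field(default_factory=list)


def parse_set_cookie(header: str) -> tuple[str, str, dict]:
    """Split one Set-Cookie value into (name, value, {attr_lower: value_or_True}).

    Flag attributes such as Secure/HttpOnly map to True; valued attributes
    (Path, Domain, SameSite, Expires, Max-Age) keep their string value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_set_cookie(header: str, https_site: bool = True) -> CookieAudit:
    """Return the cookie and a list of human-readable findings (empty = clean)."""
    name, _value, attrs = parse_set_cookie(header)
    findings: list[str] = []
    looks_like_session = any(h in name.lower() for h in SESSION_NAME_HINTS)

    if https_site and "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script, so XSS can steal it")

    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite: cross-site request behaviour is browser default")
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: modern browsers reject the cookie")

    if looks_like_session and ("expires" in attrs or "max-age" in attrs):
        findings.append("session cookie is persistent: it survives browser close")

    domain = attrs.get("domain")
    if isinstance(domain, str) and domain:
        findings.append(f"Domain={domain}: cookie is shared with every subdomain")

    return CookieAudit(name=name, attributes=attrs, findings=findings)


def audit_headers(headers: list[str], https_site: bool = True) -> list[CookieAudit]:
    """Audit a batch of Set-Cookie values, e.g. response.headers.get_all('Set-Cookie')."""
    return [audit_set_cookie(h, https_site) for h in headers]


# Constructed sample responses: one weak, one hardened, one persistent, one over-shared.
SAMPLE_HEADERS = [
    "PHPSESSID=7a1f0c3e9b2d; Path=/",
    "JSESSIONID=ABC123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "auth_token=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; HttpOnly; SameSite=None",
    "prefs=dark; Path=/; Domain=.example.com",
]

if __name__ == "__main__":
    for result in audit_headers(SAMPLE_HEADERS):
        status = "OK" if not result.findings else f"{len(result.findings)} finding(s)"
        print(f"{result.name}: {status}")
        for finding in result.findings:
            print(f"  - {finding}")
```

In practice the header values come from an intercepting proxy or from `response.headers.get_all("Set-Cookie")` on a real response; `https_site=False` suppresses the `Secure` finding when the target is deliberately tested over plain HTTP.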