Web App #Penetration Testing for Beginners:

1.Testing for browser cache weaknesses // Assessing Authentication Schemes // Web App Penetration

2. Testing for account enumeration and guessable accounts // Assessing Authentication Schemes

3. Testing for weak lock-out mechanisms // Assessing Authentication Schemes // Web App Penetration

4. Account provisioning process via REST API // Assessing Authentication Schemes // Web App Penetration

5. Bypassing authentication schemes // Assessing Authentication Schemes // Web App Penetration

6. Testing for directory traversal // Directory traversal // OWASP Mutillidae

7. Assessing Authorization Checks // Local File Include (LFI) // OWASP Mutillidae

8. Assessing Authorization Checks // Remote File Inclusion (RFI) // OWASP Mutillidae

9. Assessing Authorization Checks // Privilege escalation // OWASP Mutillidae

10. Assessing Authorization Checks // Insecure Direct Object Reference (IDOR) // OWASP Mutillidae

11. Testing session token strength using Sequencer // Assessing Session Management Mechanisms

12. Testing for cookie attributes // Assessing Session Management Mechanisms

13. Testing for session fixation // Assessing Session Management Mechanisms

14. Testing for exposed session variables // Assessing Session Management Mechanisms

15. Testing for Cross-Site Request Forgery // Assessing Session Management Mechanisms

16. Business logic data validation // Assessing Business Logic

17. Unrestricted file upload — bypassing weak validation // Assessing Business Logic

18. Performing process-timing attacks // Assessing Business Logic

19. Circumvention of work flows // Assessing Business Logic

21. Uploading malicious files — polyglots // Assessing Business Logic

22. Testing for reflected cross-site scripting // Evaluating Input Validation Checks

23. Testing for stored cross-site scripting // Evaluating Input Validation Checks

Web App Penetration Testing Tutorials

Assessing Authentication Schemes // bugbounty

Assessing Authorization Checks

OWASP Mutillidae LAB

https://twitter.com/cyberbruharmy