Web Application Penetration Testing Checklist


Penetration testing is the process in which trained security experts (also known as penetration testers or ethical hackers) test software in order to find its security vulnerabilities.

The objective of such a test is to fix the security vulnerabilities the software may contain, so that they cannot easily be exploited (or taken advantage of) by the hacking community.

Web Application Penetration Testing

In the case of web application penetration testing, the software being tested is a web application hosted on a remote server that clients access over the internet.

Web applications are easy targets for hackers, so it is imperative that their developers carry out penetration testing frequently to keep the applications healthy and protected from security vulnerabilities and malware attacks.

Let’s take a look at some of the elements every web application penetration testing checklist should contain, in order for the penetration testing process to be really effective.

Web Application Penetration Testing Checklist

  1. Contact Form Testing
  2. Proxy Server(s) Testing
  3. Spam Email Filter Testing
  4. Network Firewall Testing
  5. Security Vulnerability Testing
  6. Credential Encryption Testing
  7. Cookie Testing
  8. Testing For Open Ports
  9. Application Login Page Testing
  10. Error Message Testing
  11. HTTP Method(s) Testing
  12. Username and Password Testing
  13. File Scanning
  14. SQL Injection Testing
  15. XSS Testing
  16. Access Permission Testing
  17. User Session Testing
  18. Brute Force Attack Testing
  19. DoS (Denial of Service) Attack Testing
  20. Directory Browsing
