Penetration testing is the process of testing software by trained security experts (also called penetration testers or ethical hackers) in order to find its security vulnerabilities.
The objective of such a test is to find and remediate the vulnerabilities the software contains, so that they cannot be easily exploited (or taken advantage of) by attackers.
Web Application Penetration Testing
In web application penetration testing, the software under test is a web application hosted on a remote server that clients access over the internet.
Because they are reachable by anyone on the internet, web applications are easy targets for attackers, so it is imperative that their developers carry out penetration testing regularly to keep them free of security vulnerabilities and malware.
Let’s take a look at some of the elements every web application penetration testing checklist should contain for the penetration testing process to be really effective.
Web Application Penetration Testing Checklist
- Contact Form Testing
- Proxy Server(s) Testing
- Spam Email Filter Testing
- Network Firewall Testing
- Security Vulnerability Testing
- Credential Encryption Testing
- Cookie Testing
- Testing For Open Ports
- Application Login Page Testing
- Error Message Testing
- HTTP Method(s) Testing
- Username and Password Testing
- File Scanning
- SQL Injection Testing
- XSS Testing
- Access Permission Testing
- User Session Testing
- Brute Force Attack Testing
- DoS (Denial of Service) Attack Testing
- Directory Browsing
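As an added example (not code from the original article), the following Python script reviews one captured HTTP response offline against several of the checklist items above: cookie flags (Cookie Testing), risky verbs advertised in an Allow header (HTTP Method(s) Testing), verbose error output (Error Message Testing) and directory listings (Directory Browsing). The sample response, the set of methods to flag and the leak patterns are assumptions constructed for illustration.

```python
import re
# Verbs to flag for manual review (assumption: set chosen for illustration).
RISKY_METHODS = {"TRACE", "PUT", "DELETE", "CONNECT"}
# Body patterns that indicate leaked errors or a directory listing (assumption).
LEAK_PATTERNS = {
    "python traceback": re.compile(r"Traceback \(most recent call last\)"),
    "sql error": re.compile(r"(?i)you have an error in your sql syntax|ORA-\d{5}"),
    "directory listing": re.compile(r"(?i)<title>\s*Index of /"),
}

def check_cookies(headers):
    """Flag each Set-Cookie header missing Secure, HttpOnly or SameSite."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append(f"cookie {cookie_name}: missing {required}")
    return findings

def check_methods(headers):
    """Flag risky verbs advertised in an Allow header (e.g. an OPTIONS reply)."""
    findings = []
    for name, value in headers:
        if name.lower() == "allow":
            allowed = {m.strip().upper() for m in value.split(",")}
            for m in sorted(allowed & RISKY_METHODS):
                findings.append(f"method {m} is enabled; confirm it is needed")
    return findings

def check_body(body):
    """Flag stack traces, raw database errors and directory listings in the body."""
    return [f"body: {label} detected" for label, pat in LEAK_PATTERNS.items() if pat.search(body)]

def review_response(headers, body):
    """Run all checks on one captured response and return the findings."""
    return check_cookies(headers) + check_methods(headers) + check_body(body)

# Constructed sample response for illustration; not captured from any real site.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Allow", "GET, HEAD, POST, OPTIONS, TRACE"),
]
SAMPLE_BODY = "<html><head><title>Index of /backup</title></head><body></body></html>"
```

Calling review_response(SAMPLE_HEADERS, SAMPLE_BODY) on the constructed sample returns four findings: two missing attributes on the session cookie, TRACE enabled, and a directory listing in the body.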