| Penetration Test Methods | ||
| BlackBox - Private Penetration Testing | BlackBox - Shared Penetration Testing | Method Name |
| Remote PenTest using minimal prior information about the client services. Intended only for Private Servers, in accordance with the server services. | Remote PenTest using minimal prior information about the client services. Intended only for Shared Servers, in accordance with the server services. | |
| Information Gathering | ||
| Conduct Search Engine Discovery and Reconnaissance for Information Leakage | ||
| Fingerprint Web Server | ||
| Review Webserver Metafiles for Information Leakage | ||
| Enumerate Applications on Webserver | ||
| Review Webpage Comments and Metadata for Information Leakage | ||
| Identify application entry points | ||
| Map execution paths through application | ||
| Fingerprint Web Application Framework | ||
| Fingerprint Web Application | ||
| Map Network and Application Architecture | ||
| Configuration and Deploy Management Testing | ||
| Test Network/Infrastructure Configuration | ||
| Test Application Platform Configuration | ||
| Test File Extensions Handling for Sensitive Information | ||
| Backup and Unreferenced Files for Sensitive Information | ||
| Enumerate Infrastructure and Application Admin Interfaces | ||
| Test HTTP Methods | ||
| Test HTTP Strict Transport Security | ||
| Test RIA cross domain policy | ||
| Identity Management Testing | ||
| Test Role Definitions | ||
| Test User Registration Process | ||
| Test Account Provisioning Process | ||
| Testing for Account Enumeration and Guessable User Account | ||
| Testing for Weak or unenforced username policy | ||
| Test Permissions of Guest/Training Accounts | ||
| Test Account Suspension/Resumption Process | ||
| Authentication Testing | ||
| Testing for Credentials Transported over an Encrypted Channel | ||
| Testing for default credentials | ||
| Testing for Weak lock out mechanism | ||
| Testing for bypassing authentication schema | ||
| Test remember password functionality | ||
| Testing for Browser cache weakness | ||
| Testing for Weak password policy | ||
| Testing for Weak security question/answer | ||
| Testing for weak password change or reset functionalities | ||
| Testing for Weaker authentication in alternative channel | ||
| Authorization Testing | ||
| Testing Directory traversal/file include | ||
| Testing for bypassing authorization schema | ||
| Testing for Privilege Escalation | ||
| Testing for Insecure Direct Object References | ||
| Session Management Testing | ||
| Testing for Bypassing Session Management Schema | ||
| Testing for Cookies attributes | ||
| Testing for Session Fixation | ||
| Testing for Exposed Session Variables | ||
| Testing for Cross Site Request Forgery | ||
| Testing for logout functionality | ||
| Test Session Timeout | ||
| Testing for Session puzzling | ||
| Data Validation Testing | ||
| Testing for Reflected Cross Site Scripting | ||
| Testing for Stored Cross Site Scripting | ||
| Testing for HTTP Verb Tampering | ||
| Testing for HTTP Parameter pollution | ||
| Testing for SQL Injection | ||
| Testing for NoSQL injection | ||
| Testing for XML Injection | ||
| Testing for SSI Injection | ||
| Testing for XPath Injection | ||
| Testing for Code Injection | ||
| Testing for Local File Inclusion | ||
| Testing for Command Injection | ||
| Testing for Format string | ||
| Testing for incubated vulnerabilities | ||
| Testing for HTTP Splitting/Smuggling | ||
| Oracle Testing | ||
| MySQL Testing | ||
| SQL Server Testing | ||
| Testing PostgreSQL | ||
| MS Access Testing | ||
| IMAP/SMTP Injection | ||
| Testing for Remote File Inclusion | ||
| Testing for Buffer overflow | ||
| Testing for Heap overflow | ||
| Testing for Stack overflow | ||
| Error Handling | ||
| Analysis of Error Codes | ||
| Analysis of Stack Traces | ||
| Cryptography | ||
| Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection | ||
| Testing for Padding Oracle | ||
| Testing for Sensitive information sent via unencrypted channels | ||
| Business Logic Testing | ||
| Test Business Logic Data Validation | ||
| Test Ability to Forge Requests | ||
| Test Integrity Checks | ||
| Test for Process Timing | ||
| Test Defenses Against Application Mis-use | ||
| Test Upload of Unexpected File Types | ||
| Test Upload of Malicious Files | ||
| Client Side Testing | ||
| Testing for DOM based Cross Site Scripting | ||
| Testing for JavaScript Execution | ||
| Testing for HTML Injection | ||
| Testing for Client Side URL Redirect | ||
| Testing for CSS Injection | ||
| Testing for Client Side Resource Manipulation | ||
| Test Cross Origin Resource Sharing | ||
| Testing for Cross Site Flashing | ||
| Testing WebSockets | ||
| Test Web Messaging | ||
| Test Local Storage | ||