Suggested Baseline
The following is an outline of where to start. Every web application published on CloudScan.Me and/or XSS.CX was found vulnerable because at least one item on the following checklist had not been audited.
Credit: Lifted from Portswigger
Recon and Analysis
Spider and Map Public IP Ranges
Spider and Map Public Content
Spider and Map Protected Content
Inventory and map URLs and parameters
Inventory and map data ingress and egress points
Inventory and Map Server and Client Technologies
Access Control Testing
Authentication
Test password quality rules
Test for username enumeration
Test resilience to password guessing
Test any account recovery function
Test any "remember me" function
Test any impersonation function
Test username uniqueness
Check for unsafe distribution of credentials
Test for fail-open conditions
Test any multi-stage mechanisms
Session Handling
Test tokens for meaning
Test tokens for predictability
Check for insecure transmission of tokens
Check for disclosure of tokens in logs
Check mapping of tokens to sessions
Check session termination
Check for session fixation
Check for cross-site request forgery
Check cookie scope
Access controls
Understand the access control requirements
Test effectiveness of controls, using multiple accounts if possible
Test for insecure access control methods (request parameters, Referer header, etc.)
Data Sanitization Testing
Fuzz all request parameters
Test for SQL injection
Identify all reflected data
Test for reflected XSS
Test for HTTP header injection
Test for arbitrary redirection
Test for stored attacks
Test for OS command injection
Test for path traversal
Test for script injection
Test for file inclusion
Test for SMTP injection
Test for native software flaws (buffer overflow, integer bugs, format strings)
Test for SOAP injection
Test for LDAP injection
Test for XPath injection
Application Logic Testing
Identify the logic attack surface
Test transmission of data via the client
Test for reliance on client-side input validation
Test any thick-client components (Java, ActiveX, Flash)
Test multi-stage processes for logic flaws
Test handling of incomplete input
Test trust boundaries
Test transaction logic
Server Platform Testing
Perform vulnerability assessment, scored with the Common Vulnerability Scoring System (CVSS), for the OS, database, server and web applications
Test segregation in shared infrastructures for well-known exploitation
Test segregation between ASP-hosted applications
Test for web server vulnerabilities
Default credentials
Default content
Dangerous HTTP methods
Proxy functionality
Virtual hosting misconfiguration
Bugs in web server software
Miscellaneous tests
Check for DOM-based attacks
Check for frame injection
Check for local privacy vulnerabilities
Persistent cookies
Caching
Sensitive data in URL parameters
Forms with autocomplete enabled
Follow up any information leakage
Check for weak SSL ciphers