The Pentesting Guide

The Pentesting Guide
ℹ️0 - Pre-Engagement
🔍1 - Information Gathering
Passive (OSINT)
Active
💣2 - Exploitation
Brute Forcing
WEB
Web (OWASP Test cases)
WIFI
HUMINT
BoF - Windows(x86)
Active Directory
👿3 - Post Exploitation
File transfer
Shells
Situational Awareness
General
- Linux
- Windows
Local Privilege Escalation
- Linux
- Windows
Persistance
- Windows
Cracking
Pivoting
- Tunnelling & Port Forwarding
Lateral Movement
WIFI
📓4 - Report
🧹5 - House cleaning

Powered by GitBook

On this page

Web (OWASP Test cases)

This section details the suggested tests for evaluating a web application, following the OWASP guidelines.

The tests are the following:

4.1 Information Gathering
4.2 Configuration and Deployment Management Testing
4.3 Identity Management Testing
4.4 Authentication Testing
4.5 Authorization Testing
4.6 Session Management Testing
4.7 Input Validation Testing
4.8 Testing for Error Handling
4.9 Testing for Weak Cryptography
4.10 Business Logic Testing
4.11 Client-side Testing
4.12 API Testing

Last updated 4 months ago