The Pentesting Guide

Ctrlk

The Pentesting Guide
ℹ️0 - Pre-Engagement
🔍1 - Information Gathering
Passive (OSINT)
Active
💣2 - Exploitation
Brute Forcing
WEB
Web (OWASP Test cases)
WIFI
HUMINT
BoF - Windows(x86)
Active Directory
👿3 - Post Exploitation
File transfer
Shells
Situational Awareness
General
Local Privilege Escalation
Persistance
Cracking
Pivoting
Lateral Movement
WIFI
📓4 - Report
🧹5 - House cleaning

Powered by GitBook

On this page

Web (OWASP Test cases)

This section details the suggested tests for evaluating a web application, following the OWASP guidelines.

The tests are the following:

4.1 Information Gathering
4.2 Configuration and Deployment Management Testing
4.3 Identity Management Testing
4.4 Authentication Testing
4.5 Authorization Testing
4.6 Session Management Testing
4.7 Input Validation Testing
4.8 Testing for Error Handling
4.9 Testing for Weak Cryptography
4.10 Business Logic Testing
4.11 Client-side Testing
4.12 API Testing

Last updated 11 months ago