vulnerabilities
130
vulnerabilities.md
Normal file
@@ -0,0 +1,130 @@
# Testing Checklist
The following is the list of items to test during the assessment:
Note: The `Status` column can be set for values similar to "Pass", "Fail", "N/A".
| Test ID | Test Name | Status | Notes |
|-------------------|----------------------------------------------------------------------------|--------|-------|
| **WSTG-INFO** | **Information Gathering** | | |
| WSTG-INFO-01 | Conduct Search Engine Discovery and Reconnaissance for Information Leakage | | |
| WSTG-INFO-02 | Fingerprint Web Server | | |
| WSTG-INFO-03 | Review Webserver Metafiles for Information Leakage | | |
| WSTG-INFO-04 | Enumerate Applications on Webserver | | |
| WSTG-INFO-05 | Review Webpage Content for Information Leakage | | |
| WSTG-INFO-06 | Identify Application Entry Points | | |
| WSTG-INFO-07 | Map Execution Paths Through Application | | |
| WSTG-INFO-08 | Fingerprint Web Application Framework | | |
| WSTG-INFO-09 | Fingerprint Web Application | | |
| WSTG-INFO-10 | Map Application Architecture | | |
| **WSTG-CONF** | **Configuration and Deploy Management Testing** | | |
| WSTG-CONF-01 | Test Network Infrastructure Configuration | | |
| WSTG-CONF-02 | Test Application Platform Configuration | | |
| WSTG-CONF-03 | Test File Extensions Handling for Sensitive Information | | |
| WSTG-CONF-04 | Review Old Backup and Unreferenced Files for Sensitive Information | | |
| WSTG-CONF-05 | Enumerate Infrastructure and Application Admin Interfaces | | |
| WSTG-CONF-06 | Test HTTP Methods | | |
| WSTG-CONF-07 | Test HTTP Strict Transport Security | | |
| WSTG-CONF-08 | Test RIA Cross Domain Policy | | |
| WSTG-CONF-09 | Test File Permission | | |
| WSTG-CONF-10 | Test for Subdomain Takeover | | |
| WSTG-CONF-11 | Test Cloud Storage | | |
| WSTG-CONF-12 | Testing for Content Security Policy | | |
| WSTG-CONF-13 | Test Path Confusion | | |
| WSTG-CONF-14 | Test Other HTTP Security Header Misconfigurations | | |
| **WSTG-IDNT** | **Identity Management Testing** | | |
| WSTG-IDNT-01 | Test Role Definitions | | |
| WSTG-IDNT-02 | Test User Registration Process | | |
| WSTG-IDNT-03 | Test Account Provisioning Process | | |
| WSTG-IDNT-04 | Testing for Account Enumeration and Guessable User Account | | |
| WSTG-IDNT-05 | Testing for Weak or Unenforced Username Policy | | |
| **WSTG-ATHN** | **Authentication Testing** | | |
| WSTG-ATHN-01 | Testing for Credentials Transported over an Encrypted Channel | likely | http |
| WSTG-ATHN-02 | Testing for Default Credentials | yes | admin |
| WSTG-ATHN-03 | Testing for Weak Lock Out Mechanism | yes | |
| WSTG-ATHN-04 | Testing for Bypassing Authentication Schema | maybe | no fb |
| WSTG-ATHN-05 | Testing for Vulnerable Remember Password | | |
| WSTG-ATHN-06 | Testing for Browser Cache Weakness | maybe | |
| WSTG-ATHN-07 | Testing for Weak Password Policy | yes | |
| WSTG-ATHN-08 | Testing for Weak Security Question Answer | | |
| WSTG-ATHN-09 | Testing for Weak Password Change or Reset Functionalities | yes | |
| WSTG-ATHN-10 | Testing for Weaker Authentication in Alternative Channel | | |
| WSTG-ATHN-11 | Testing Multi-Factor Authentication (MFA) | | |
| **WSTG-ATHZ** | **Authorization Testing** | | |
| WSTG-ATHZ-01 | Testing Directory Traversal File Include | | |
| WSTG-ATHZ-02 | Testing for Bypassing Authorization Schema | | |
| WSTG-ATHZ-03 | Testing for Privilege Escalation | | |
| WSTG-ATHZ-04 | Testing for Insecure Direct Object References | | |
| WSTG-ATHZ-05 | Testing for OAuth Weaknesses | | |
| **WSTG-SESS** | **Session Management Testing** | | |
| WSTG-SESS-01 | Testing for Session Management Schema | | |
| WSTG-SESS-02 | Testing for Cookies Attributes | | |
| WSTG-SESS-03 | Testing for Session Fixation | | |
| WSTG-SESS-04 | Testing for Exposed Session Variables | | |
| WSTG-SESS-05 | Testing for Cross Site Request Forgery | | |
| WSTG-SESS-06 | Testing for Logout Functionality | yes | rplay |
| WSTG-SESS-07 | Testing Session Timeout | | |
| WSTG-SESS-08 | Testing for Session Puzzling | | |
| WSTG-SESS-09 | Testing for Session Hijacking | | |
| WSTG-SESS-10 | Testing JSON Web Tokens | | |
| WSTG-SESS-11 | Testing for Concurrent Sessions | | |
| **WSTG-INPV** | **Input Validation Testing** | | |
| WSTG-INPV-01 | Testing for Reflected Cross Site Scripting | | |
| WSTG-INPV-02 | Testing for Stored Cross Site Scripting | | |
| WSTG-INPV-03 | Testing for HTTP Verb Tampering | | |
| WSTG-INPV-04 | Testing for HTTP Parameter pollution | | |
| WSTG-INPV-05 | Testing for SQL Injection | | |
| WSTG-INPV-06 | Testing for LDAP Injection | | |
| WSTG-INPV-07 | Testing for XML Injection | | |
| WSTG-INPV-08 | Testing for SSI Injection | | |
| WSTG-INPV-09 | Testing for XPath Injection | | |
| WSTG-INPV-10 | Testing for IMAP SMTP Injection | | |
| WSTG-INPV-11 | Testing for Code Injection | | |
| WSTG-INPV-12 | Testing for Command Injection | | |
| WSTG-INPV-13 | Testing for Format String Injection | | |
| WSTG-INPV-14 | Testing for Incubated Vulnerabilities | | |
| WSTG-INPV-15 | Testing for HTTP Splitting Smuggling | | |
| WSTG-INPV-16 | Testing for HTTP Incoming Requests | | |
| WSTG-INPV-17 | Testing for Host Header Injection | | |
| WSTG-INPV-18 | Testing for Server-Side Template Injection | | |
| WSTG-INPV-19 | Testing for Server-Side Request Forgery | | |
| WSTG-INPV-20 | Testing for Mass Assignment | | |
| **WSTG-ERRH** | **Error Handling** | | |
| WSTG-ERRH-01 | Testing for Improper Error Handling | | |
| WSTG-ERRH-02 | Testing for Stack Traces | | |
| **WSTG-CRYP** | **Cryptography** | | |
| WSTG-CRYP-01 | Testing for Weak Transport Layer Security | | |
| WSTG-CRYP-02 | Testing for Padding Oracle | | |
| WSTG-CRYP-03 | Testing for Sensitive Information Sent Via Unencrypted Channels | | |
| WSTG-CRYP-04 | Testing for Weak Encryption | | |
| **WSTG-BUSLOGIC** | **Business Logic Testing** | | |
| WSTG-BUSL-01 | Test Business Logic Data Validation | | |
| WSTG-BUSL-02 | Test Ability to Forge Requests | | |
| WSTG-BUSL-03 | Test Integrity Checks | | |
| WSTG-BUSL-04 | Test for Process Timing | | |
| WSTG-BUSL-05 | Test Number of Times a Function Can Be Used Limits | | |
| WSTG-BUSL-06 | Testing for the Circumvention of Work Flows | | |
| WSTG-BUSL-07 | Test Defenses Against Application Misuse | | |
| WSTG-BUSL-08 | Test Upload of Unexpected File Types | | |
| WSTG-BUSL-09 | Test Upload of Malicious Files | | |
| WSTG-BUSL-10 | Test Payment Functionality | | |
| **WSTG-CLIENT** | **Client-side Testing** | | |
| WSTG-CLNT-01 | Testing for DOM Based Cross Site Scripting | | |
| WSTG-CLNT-02 | Testing for JavaScript Execution | | |
| WSTG-CLNT-03 | Testing for HTML Injection | | |
| WSTG-CLNT-04 | Testing for Client-Side URL Redirect | | |
| WSTG-CLNT-05 | Testing for CSS Injection | | |
| WSTG-CLNT-06 | Testing for Client-Side Resource Manipulation | | |
| WSTG-CLNT-07 | Test Cross Origin Resource Sharing | | |
| WSTG-CLNT-08 | Testing for Cross Site Flashing | | |
| WSTG-CLNT-09 | Testing for Clickjacking | | |
| WSTG-CLNT-10 | Testing WebSockets | | |
| WSTG-CLNT-11 | Test Web Messaging | | |
| WSTG-CLNT-12 | Test Browser Storage | | |
| WSTG-CLNT-13 | Testing for Cross Site Script Inclusion | | |
| WSTG-CLNT-14 | Testing for Reverse Tabnabbing | | |
| **WSTG-APIT** | **API Testing** | | |
| WSTG-APIT-01 | API Reconnaissance | | |
| WSTG-APIT-02 | API Broken Object Level Authorization | | |
| WSTG-APIT-99 | Testing GraphQL | | |
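
Review bot: the filled-in Status cells in the WSTG-ATHN rows and in WSTG-SESS-06 use "likely", "yes" and "maybe", while the note above the table defines Status as values similar to "Pass", "Fail", "N/A". Pick one vocabulary, or extend the note to define these values, so that "yes" cannot be read both as "tested and passed" and as "finding present". The Notes entries "http", "admin", "no fb" and "rplay" are too terse for another tester to reproduce from; a short phrase stating what was observed would make each row usable. The category header rows `WSTG-BUSLOGIC` and `WSTG-CLIENT` also do not match the `WSTG-BUSL-nn` and `WSTG-CLNT-nn` IDs listed beneath them, unlike every other category in the table.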