Web Application Attacks and Tests
This table is a condensed list of the attack types and tests that AppSec Labs performs during a security assessment. It is organized by category so that every known attack class is covered and the assessment report is produced completely and consistently.
Category | Test name |
---|---|
Information gathering | Search engine discovery / reconnaissance |
 | Web application fingerprint |
 | Review webpage comments and metadata for information leakage |
 | Application entry points identification |
 | Execution paths mapping |
 | Web application framework fingerprinting |
 | Web application fingerprinting |
 | Application architecture mapping |
 | Information disclosure by error codes |
 | SSL weakness: SSL/TLS testing (SSL version, algorithms, key length, digital certificate validity) |
Configuration and deployment management testing | Application configuration management weakness |
 | File extension handling (sensitive information) |
 | Old, backup and unreferenced files (sensitive information) |
 | Unauthorized admin interface access |
 | HTTP methods enabled, XST permitted, HTTP verb |
 | HTTP Strict Transport Security |
 | RIA cross-domain policy |
 | Role definitions enumeration |
 | Vulnerable user registration process |
 | Vulnerable account provisioning process |
 | Permissions of guest / low-permission accounts |
 | Account suspension/resumption process |
Authentication testing | Credentials transported over an unencrypted channel |
 | User enumeration |
 | Account lockout |
 | Authentication bypass |
 | "Remember password" functionality |
 | Browser caching |
 | Weak password policy |
 | Weak password security mechanisms |
 | Weak password change or reset flow |
 | Race conditions |
 | Weak multi-factor authentication |
 | Weak CAPTCHA implementation |
 | Weaker authentication in alternative channel |
Authorization testing | Directory traversal / file inclusion |
 | Authorization schema bypass |
 | Privilege escalation |
 | Insecure direct object references |
Session management testing | Session management bypass |
 | Cookies set without HttpOnly or Secure, or without an expiry |
 | Session fixation |
 | Exposed session variables |
 | Cross-site request forgery (CSRF) |
 | Logout management |
 | Session timeout |
 | Session puzzling |
Data validation testing | Reflected cross-site scripting |
 | Stored cross-site scripting |
 | HTTP verb tampering |
 | HTTP parameter pollution / manipulation |
 | SQL injection |
 | LDAP injection |
 | ORM injection |
 | XML injection |
 | SSI injection |
 | XPath injection |
 | IMAP/SMTP injection |
 | Code injection |
 | Local/remote file inclusion |
 | Command injection |
 | Buffer overflow |
 | Heap overflow |
 | Stack overflow |
 | Format string manipulation |
 | Incubated vulnerabilities |
 | HTTP splitting/smuggling |
Error handling | Analysis of error codes |
 | Analysis of stack traces |
Cryptography | Weak SSL/TLS ciphers, insufficient transport layer protection |
 | Padding oracle |
 | Sensitive information sent via unencrypted channels |
Business logic testing | Business logic data validation |
 | Ability to forge requests |
 | Integrity checks |
 | Process timing |
 | Replay attack |
 | Circumvention of workflows |
 | Abuse of functionality |
 | File upload vulnerabilities |
Client-side testing | DOM-based cross-site scripting |
 | JavaScript execution |
 | HTML/CSS injection |
 | Client-side URL redirect |
 | Client-side resource manipulation |
 | Cross-origin resource sharing (CORS) |
 | Cross-site flashing |
 | Clickjacking / UI redressing |
 | WebSockets |
 | Web messaging |
 | Sensitive information in local storage / session storage |
AJAX testing | AJAX weakness |
Denial of service testing | SQL wildcard vulnerability |
 | Locking customer accounts |
 | Buffer overflows |
 | User-specified object allocation |
 | User input as a loop counter |
 | Writing user-provided data to disk |
 | Failure to release resources |
 | Storing too much data in session |
Web services testing | WS information gathering |
 | WSDL weakness |
 | Weak XML structure |
 | XML content-level |
 | WS HTTP GET parameters / REST |
 | Naughty SOAP attachments |
 | WS replay testing |
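Several rows in the table (cookies without HttpOnly, Secure or an expiry; HTTP Strict Transport Security; cross-origin resource sharing) can be checked passively from a single HTTP response. The script below is an added example of such a check, not AppSec Labs' tooling; the two responses are constructed inline, and the one-year HSTS threshold is this example's assumption rather than a value from the page.

```python
"""Passive response checks for three rows of the table above:
cookie attributes, Strict-Transport-Security and permissive CORS.
Added example; the sample responses are constructed, not captured traffic."""
import re
from http.cookies import SimpleCookie

# Constructed sample responses: header name -> list of header values.
SAMPLE_RESPONSES = {
    "weak": {
        "Set-Cookie": ["JSESSIONID=abc123; Path=/"],
        "Access-Control-Allow-Origin": ["*"],
    },
    "hardened": {
        "Set-Cookie": ["JSESSIONID=abc123; Path=/; Secure; HttpOnly; Max-Age=900"],
        "Strict-Transport-Security": ["max-age=31536000; includeSubDomains"],
        "Access-Control-Allow-Origin": ["https://app.example.com"],
    },
}

# Assumed threshold for this example: one year, a common hardening baseline.
MIN_HSTS_MAX_AGE = 31536000


def check_cookies(set_cookie_values):
    """Flag each cookie that lacks HttpOnly, Secure, or any expiry attribute."""
    findings = []
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)  # parses attributes into a Morsel per cookie name
        for name, morsel in jar.items():
            if not morsel["httponly"]:
                findings.append(f"cookie {name}: missing HttpOnly")
            if not morsel["secure"]:
                findings.append(f"cookie {name}: missing Secure")
            # No Max-Age/Expires means a browser-session cookie; the server-side
            # timeout (a separate row in the table) must then enforce validity.
            if not morsel["max-age"] and not morsel["expires"]:
                findings.append(f"cookie {name}: no Max-Age/Expires")
    return findings


def check_hsts(values):
    """Require an HSTS header whose max-age meets the assumed minimum."""
    if not values:
        return ["Strict-Transport-Security header absent"]
    match = re.search(r"max-age\s*=\s*(\d+)", values[0], re.IGNORECASE)
    if not match:
        return ["HSTS: max-age directive missing"]
    if int(match.group(1)) < MIN_HSTS_MAX_AGE:
        return [f"HSTS: max-age {match.group(1)} below {MIN_HSTS_MAX_AGE}"]
    return []


def check_cors(values):
    """Flag a wildcard or 'null' Access-Control-Allow-Origin value."""
    findings = []
    for value in values:
        origin = value.strip()
        if origin in ("*", "null"):
            findings.append(f"CORS: Access-Control-Allow-Origin {origin} is permissive")
    return findings


def audit(headers):
    """Run all three checks over one response's headers and return the findings."""
    return (
        check_cookies(headers.get("Set-Cookie", []))
        + check_hsts(headers.get("Strict-Transport-Security", []))
        + check_cors(headers.get("Access-Control-Allow-Origin", []))
    )


if __name__ == "__main__":
    for label, hdrs in SAMPLE_RESPONSES.items():
        print(label, audit(hdrs) or "no findings")
```

The "weak" response yields five findings (three cookie attributes, missing HSTS, wildcard CORS) and the "hardened" response none; in a real engagement the `headers` dict would be built from a captured response, with `Set-Cookie` kept as a list because the header may repeat.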