Useful Links
Computer Science
Cybersecurity
Security Testing
1. Foundations of Security Testing
2. Security Testing Methodologies
3. Types of Security Assessments
4. Penetration Testing Execution Standard
5. Web Application Security Testing
6. Mobile Application Security Testing
7. Infrastructure Security Testing
8. Security Testing Tools and Environments
9. Reporting, Remediation, and Verification
10. DevSecOps Integration
Penetration Testing Execution Standard
Pre-Engagement Phase
Scoping and Requirements
Objective Definition
Success Criteria
Testing Boundaries
Resource Allocation
Legal and Contractual Framework
Statement of Work
Rules of Engagement
Liability and Insurance
Emergency Contact Procedures
Communication Planning
Reporting Schedule
Escalation Procedures
Status Update Protocols
Technical Preparation
Tool Selection
Environment Setup
Team Coordination
Intelligence Gathering
Passive Reconnaissance
Open Source Intelligence Collection
Social Media Investigation
Public Records Research
DNS and WHOIS Analysis
Search Engine Reconnaissance
Active Reconnaissance
Network Discovery
Port Scanning
Service Enumeration
Operating System Fingerprinting
Application Identification
Information Analysis
Data Correlation
Attack Surface Mapping
Target Prioritization
Threat Modeling
Asset Identification
Critical System Identification
Data Classification
Business Process Mapping
Threat Actor Analysis
Motivation Assessment
Capability Evaluation
Access Level Determination
Attack Path Analysis
Entry Point Identification
Lateral Movement Paths
Privilege Escalation Routes
Risk Prioritization
Impact Assessment
Likelihood Evaluation
Business Risk Calculation
Vulnerability Analysis
Vulnerability Discovery
Automated Scanning
Manual Testing
Configuration Review
Vulnerability Validation
False Positive Elimination
Exploitability Confirmation
Impact Verification
Vulnerability Classification
Severity Rating
Exploitability Assessment
Business Impact Analysis
Exploitation Phase
Initial Access
Vulnerability Exploitation
Social Engineering
Physical Access
Privilege Escalation
Local Privilege Escalation
Domain Privilege Escalation
Service Account Compromise
Persistence Establishment
Backdoor Installation
Scheduled Task Creation
Registry Modification
Defense Evasion
Antivirus Bypass
Logging Evasion
Network Detection Avoidance
Post-Exploitation Activities
System Enumeration
User Account Discovery
System Information Gathering
Network Mapping
Lateral Movement
Network Traversal
Credential Harvesting
Remote System Access
Data Exfiltration
Sensitive Data Identification
Data Collection Methods
Covert Communication Channels
Impact Demonstration
Business Process Disruption
Data Integrity Compromise
Service Availability Impact
Evidence Collection
Screenshot Documentation
Log File Capture
System State Recording
Reporting and Communication
Executive Summary
Business Risk Overview
Key Findings Summary
Strategic Recommendations
Technical Report
Detailed Findings
Exploitation Steps
Evidence Documentation
Risk Ratings
Remediation Guidance
Immediate Actions
Short-term Fixes
Long-term Improvements
Verification Methods
Presentation and Briefing
Stakeholder Communication
Technical Deep-Dives
Management Reporting
Previous
3. Types of Security Assessments
Go to top
Next
5. Web Application Security Testing