1. Introduction to Web Application Penetration Testing
2. Foundational Web Technologies
3. The Penetration Testing Methodology
4. Setting Up a Testing Environment
5. Information Gathering and Application Mapping
6. Server-Side Vulnerabilities
7. Client-Side Vulnerabilities
8. Authentication and Session Management Testing
9. Application Logic Testing
10. Web Services and API Security Testing
11. Advanced Attack Techniques
12. Reporting and Remediation
Authentication and Session Management Testing

Authentication Mechanism Analysis
    Username Enumeration
        Response Time Analysis
        Error Message Differences
        Account Lockout Behavior
    Password Policy Testing
        Complexity Requirements
        Length Restrictions
        Character Set Limitations
    Multi-Factor Authentication Testing
        SMS-Based MFA Bypass
        TOTP Implementation Flaws
        Backup Code Vulnerabilities
    Single Sign-On Testing
        SAML Assertion Manipulation
        OAuth Flow Vulnerabilities
        JWT Token Analysis

Session Token Security
    Token Generation Analysis
        Randomness Testing
        Predictability Assessment
        Entropy Measurement
    Token Transmission Security
        HTTPS Enforcement
        Secure Cookie Attributes
        Token Exposure Risks
    Session Lifecycle Management
        Session Creation
        Session Renewal
        Session Termination
        Session Timeout

Session Attacks
    Session Fixation
        Pre-Authentication Fixation
        Post-Authentication Fixation
    Session Hijacking
        Network-Based Hijacking
        Cross-Site Scripting Hijacking
        Man-in-the-Middle Attacks
    Session Replay Attacks
    Concurrent Session Management

JSON Web Token Vulnerabilities
    Algorithm Confusion Attacks
        None Algorithm Bypass
        HMAC to RSA Confusion
    Weak Secret Key Attacks
        Dictionary Attacks
        Brute-Force Attacks
    Token Manipulation
        Header Manipulation
        Payload Manipulation
        Signature Stripping
    Token Storage and Transmission
    Prevention and Mitigation