OWASP Checklist
Spiders, Robots and Crawlers IG-
Search Engine Discovery/Reconnaissance IG-
Identify application entry points IG-
Testing for Web Application Fingerprint IG-
Application Discovery IG-
Analysis of Error Codes IG-
SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity) - SSL Weakness CM‐
DB Listener Testing - DB Listener weak CM‐
Infrastructure Configuration Management Testing - Infrastructure Configuration management weakness CM‐
Application Configuration Management Testing - Application Configuration management weakness CM‐
Testing for File Extensions Handling - File extensions handling CM‐
Old, backup and unreferenced files - Old, backup and unreferenced files CM‐
Infrastructure and Application Admin Interfaces - Access to Admin interfaces CM‐
Testing for HTTP Methods and XST - HTTP Methods enabled, XST permitted, HTTP Verb CM‐
Credentials transport over an encrypted channel - Credentials transport over an encrypted channel AT-
Testing for user enumeration - User enumeration AT-
Testing for Guessable (Dictionary) User Account - Guessable user account AT-
Brute Force Testing - Credentials Brute forcing AT-
Testing for bypassing authentication schema - Bypassing authentication schema AT-
Testing for vulnerable remember password and pwd reset - Vulnerable remember password, weak pwd reset AT-
Testing for Logout and Browser Cache Management - - Logout function not properly implemented, browser cache weakness AT-
Testing for CAPTCHA - Weak Captcha implementation AT-
Testing Multiple Factors Authentication - Weak Multiple Factors Authentication AT-
Testing for Race Conditions - Race Conditions vulnerability AT-
Testing for Session Management Schema - Bypassing Session Management Schema, Weak Session Token SM-
Testing for Cookies attributes - Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity SM-
Testing for Session Fixation - Session Fixation SM-
Testing for Exposed Session Variables - Exposed sensitive session variables SM-
Testing for CSRF - CSRF SM-
Testing for Path Traversal - Path Traversal AZ-
Testing for bypassing authorization schema - Bypassing authorization schema AZ-
Testing for Privilege Escalation - Privilege Escalation AZ-
Testing for Business Logic - Bypassable business logic BL-
Testing for Reflected Cross Site Scripting - Reflected XSS DV-
Testing for Stored Cross Site Scripting - Stored XSS DV-
Testing for DOM based Cross Site Scripting - DOM XSS DV-
Testing for Cross Site Flashing - Cross Site Flashing DV-
SQL Injection - SQL Injection DV-
LDAP Injection - LDAP Injection DV-
ORM Injection - ORM Injection DV-
XML Injection - XML Injection DV-
SSI Injection - SSI Injection DV-
XPath Injection - XPath Injection DV-
IMAP/SMTP Injection - IMAP/SMTP Injection DV-
Code Injection - Code Injection DV-
OS Commanding - OS Commanding DV-
Buffer overflow - Buffer overflow DV-
Incubated vulnerability - Incubated vulnerability DV-
Testing for HTTP Splitting/Smuggling - HTTP Splitting, Smuggling DV-
Testing for SQL Wildcard Attacks - SQL Wildcard vulnerability DS-
Locking Customer Accounts - Locking Customer Accounts DS-
Testing for DoS Buffer Overflows - Buffer Overflows DS-
User Specified Object Allocation - User Specified Object Allocation DS-
User Input as a Loop Counter - User Input as a Loop Counter DS-
Writing User Provided Data to Disk - Writing User Provided Data to Disk DS-
Failure to Release Resources - Failure to Release Resources DS-
Storing too Much Data in Session - Storing too Much Data in Session DS-
WS Information Gathering - N.A. WS-
Testing WSDL - WSDL Weakness WS-
XML Structural Testing - Weak XML Structure WS-
XML content-level Testing - XML content-level WS-
HTTP GET parameters/REST Testing - WS HTTP GET parameters/REST WS-
Naughty SOAP attachments - WS Naughty SOAP attachments WS-
Replay Testing - WS Replay Testing WS-
AJAX Vulnerabilities - N.A. AJ-
AJAX Testing - AJAX weakness AJ-
Check Tools
Wikto
Nikto
Paros
TamperIE
Nessus
Nmap
Wget
SamSpade
Spike Proxy
Xenu
Curl
OpenSSL
BURP Proxy
SSLDigger
HTTrack
HTTPrint
Webscarab
Foundstone Cookie Digger