Web Application Penetration Testing Checklist Overview
Penetration testing is the process of testing a software by trained security experts (aka penetration testers or ethical hackers) in order to find out its security vulnerabilities. The objective of carrying out such a test is to strengthen the security vulnerabilities which the software may contain so that they don’t get easily exploited (or taken advantage of) by the hacking community.
In the case of web application penetration testing, the software being tested is a web application stored in a remote server which clients can access over the internet. Web applications are obviously easy targets for hackers and therefore it is imperative for the developers of these web applications to frequently carry out penetration testing to ensure their web applications stay healthy – away from various security vulnerabilities and malware attacks.
In this blog, let’s take a look at some of the elements every web application penetration testing checklist should contain, in order for the penetration testing process to be really effective.
List of Web App Pen Testing Checklist
Here are the list of web application Penetration Testing checklist:
- Contact Form Testing
- Proxy Server(s) Testing
- Spam Email Filter Testing
- Network Firewall Testing
- Security Vulnerability Testing
- Credential Encryption Testing
- Cookie Testing
- Testing For Open Ports
- Application Login Page Testing
- Error Message Testing
- HTTP Method(s) Testing
- Username and Password Testing
- File Scanning
- SQL Injection Testing
- XSS Testing
- Access Permission Testing
- User Session Testing
- Brute Force Attack Testing
- DoS (Denial of Service) Attack Testing
- Directory Browsing
Contact Form Testing
The most preferred entry point for spammers is often a web application’s contact form. Therefore the contact form you have in your web application should be able to identify and prevent such spam attacks. Including CAPTCHA is one of the easiest ways of preventing contact form spamming.
Proxy Server(s) Testing
Proxy servers play a huge role in scrutinizing the traffic to your web application and pointing out any malicious activity. Therefore ensure the proxy servers within your network are functioning accurately and efficiently. Tools like Burp Proxy and OWSAP ZAP can go a long way in helping you accomplish this task.
Spam Email Filter Testing
Ensure spam email filters are functioning properly. Verify if they are successfully filtering the incoming and outgoing traffic and blocking unsolicited emails. In other words, ensure that email security policies are being enforced properly. Because, as we all know, spam mails are the much-preferred mode of attack for hackers.
Network Firewall Testing
Make sure your firewall is preventing undesirable traffic from entering into your web application. Also, ensure the security policies configured using the firewall are being implemented properly. A glitch in your firewall is like sending an invitation to hackers to come and hack your web application.
Security Vulnerability Testing
Carry out a thorough security check on various aspects associated with your web application like servers and other such network devices and make a list of the security vulnerabilities they pose. Then find and implement ways to fix them.
Credential Encryption Testing
Ensure all usernames and passwords are encrypted and transferred over secure “HTTPS” connection so that these credentials are not compromised by hackers through man-in-the-middle or other such attacks. Because just as your web application needs to be secure, so is the sensitive data being submitted by your clients.
Cookies store data related to user sessions. Therefore this piece of sensitive information, if it is exposed to the hackers, can result in the security of many users who visit your website or web application being compromised. Therefore ensure your cookie data is not exposed. Or in other words, not available in readable format or as plain text.
Testing For Open Ports
Open ports on the web server on which your web application has been hosted also present a good opportunity for hackers to exploit your web application’s security. Therefore carry out this security check and ensure there are no open ports on your web server.
Application Login Page Testing
Ensure your web application locks itself up after a specific number of unsuccessful login attempts. This is one of the most basic elements, which, when implemented correctly can go a long way in securing your web application from hackers.
Error Message Testing
Ensures all your error messages are generic and do not reveal too much about the problem. If you do so, it’s like announcing to the hacking community, “we have a problem here, you’re welcome to exploit it!” For example: “Invalid Credentials” is fine, but the message should not be specific as “invalid username or password.”
HTTP Method(s) Testing
Also review the HTTP methods used by your web application to interact with your clients. Ensure PUT and Delete methods are not enabled, as doing so will allow hackers to easily exploit your web application.
Username and Password Testing
Test all the usernames/passwords that are used on your web application. Passwords should be fairly complex and usernames should not be easily guessable. Separate such weak usernames and passwords and alert those users to change them.
Ensure all files you upload to your web application or server are scanned before they are uploaded.
SQL Injection Testing
SQL injection is one of the most popular methods employed by hackers when it comes to exploiting web applications and websites. Therefore ensure your web application is resistant to various forms of SQL injection.
Also ensure your web application resists cross-site scripting or XSS attacks as well.
Access Permission Testing
Check the access permissions of your users and in case your web application provides role-based access, then ensure users are getting access only to those parts of the web application to which they have the right. Nothing more or less.
User Session Testing
This is very important. Ensure that user sessions end upon log off. Because if they don’t, that valid session can be easily hijacked by hackers – this process is known as session hijacking – for carrying out malicious activity.
Brute Force Attack Testing
Using appropriate testing tools, ensure your web application stays safe against brute force attacks.
DoS (Denial of Service) Attack Testing
Also ensure your web application stays safe against DoS (Denial of Service) attacks by using appropriate testing tools.
Ensure directory browsing is disabled on the web server which hosts your web application. Because if you don’t, you’ll be giving hackers easy access to your restricted files.
Kevin Jones940 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.