Web Application Penetration Testing Checklist

Information Gathering

Sacony Chukwu
4 min read, Jan 7, 2025

• Manually explore the site.

• Spider/crawl for missed or hidden content.

• Check for files that expose content, such as robots.txt, sitemap.xml, and .DS_Store.

• Check the caches of major search engines for publicly accessible pages.

• Check for differences in content based on the User-Agent (e.g., mobile sites, or access as a search engine crawler).

• Perform web application fingerprinting.

• Identify technologies used.

• Identify user roles.

• Identify application entry points.

• Identify client-side code.

• Identify multiple versions/channels (e.g., web, mobile web, mobile app, web services).

• Identify all hostnames and ports.

• Identify third-party hosted content.

• Identify debug parameters.

Configuration Management

• Check for commonly used application and administrative URLs.

• Check for old, backup, and unreferenced files.

• Check HTTP methods supported and Cross-Site Tracing (XST).

• Test file extensions handling.

• Test for security HTTP headers (e.g., CSP, X-Frame-Options, HSTS).
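The last two items (supported HTTP methods / XST, and security headers) can be turned into a repeatable check. The script below is an added example and not part of the original checklist; it audits a response's header set and its advertised Allow list, and the sample header dictionaries are constructed, not captured from any real site.

```python
from typing import Dict, List

ONE_YEAR = 31536000  # seconds; common HSTS max-age baseline


def parse_max_age(hsts_value: str) -> int:
    """Extract max-age from an HSTS header value; 0 if absent or malformed."""
    for directive in hsts_value.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and value.strip().isdigit():
            return int(value.strip())
    return 0


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for missing or weak security headers (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp:
        findings.append("CSP permits 'unsafe-inline'")
    if "strict-transport-security" not in h:
        findings.append("missing Strict-Transport-Security")
    elif parse_max_age(h["strict-transport-security"]) < ONE_YEAR:
        findings.append("HSTS max-age shorter than one year")
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("no framing control (X-Frame-Options or CSP frame-ancestors)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings


def audit_allowed_methods(allow_header: str) -> List[str]:
    """Flag risky verbs in an Allow header, as returned to an OPTIONS request."""
    methods = {m.strip().upper() for m in allow_header.split(",") if m.strip()}
    findings: List[str] = []
    if "TRACE" in methods:
        findings.append("TRACE enabled: Cross-Site Tracing exposure")
    for verb in ("PUT", "DELETE"):
        if verb in methods:
            findings.append(f"{verb} advertised: confirm it is intended and authenticated")
    return findings


# Constructed sample header sets (not captured from any real site).
WEAK_HEADERS = {"Server": "Apache", "Strict-Transport-Security": "max-age=3600",
                "Content-Security-Policy": "default-src 'self' 'unsafe-inline'"}
HARDENED_HEADERS = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
                    "X-Content-Type-Options": "nosniff"}
```

Feed it the headers of a real response (for example `dict(resp.headers)` from an `http.client` or `requests` call) and the Allow value from an OPTIONS request; an empty findings list means the items above are satisfied for that endpoint.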
