Quick Guide to Web Penetration Testing
Jul 7, 2021
In this article, we will go through some of the tests and guidelines that make up my Web Penetration Testing methodology.
Testing for Username/Email Enumeration
- through Login Error Message Discrepancy
- through Forgot/Reset Password Functionality
- through Registration Form
- through Response Time Discrepancy
- through Response Size Discrepancy
- through Account Lockout Message
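The first three discrepancy checks above (error message, status code, and response time) come from a login handler that treats unknown and known usernames differently. The following added example, which is not part of the original article, contrasts a leaky handler with a hardened one using a constructed one-user database and a counted hash operation as a stand-in for the response-time measurement a real test would take with a timer.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 50_000  # PBKDF2 work factor; constructed value for this example


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample user store: username -> (salt, PBKDF2 hash). Placeholder data only.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}

# Dummy credential so that unknown usernames cost the same hashing work as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password(secrets.token_hex(16), _DUMMY_SALT)


def leaky_login(username: str, password: str) -> dict:
    """Vulnerable: message, status and amount of work all depend on whether the user exists."""
    record = USERS.get(username)
    if record is None:
        # No hash is computed here, so the response is both different and faster.
        return {"ok": False, "message": "Unknown username", "status": 404, "hashes_computed": 0}
    salt, stored = record
    if hmac.compare_digest(_hash_password(password, salt), stored):
        return {"ok": True, "message": "Welcome", "status": 200, "hashes_computed": 1}
    return {"ok": False, "message": "Incorrect password", "status": 401, "hashes_computed": 1}


def hardened_login(username: str, password: str) -> dict:
    """Fixed: identical message, status and hashing work whether or not the username exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    match = hmac.compare_digest(_hash_password(password, salt), stored)
    if match and username in USERS:
        return {"ok": True, "message": "Welcome", "status": 200, "hashes_computed": 1}
    return {"ok": False, "message": "Invalid username or password", "status": 401, "hashes_computed": 1}


def discrepancy(login, known_user: str, unknown_user: str) -> list:
    """List the response fields that differ between a known and an unknown username (wrong password in both cases)."""
    a = login(known_user, "wrong-password")
    b = login(unknown_user, "wrong-password")
    return sorted(k for k in ("message", "status", "hashes_computed") if a[k] != b[k])
```

`discrepancy(leaky_login, "alice", "mallory")` reports all three fields as distinguishable, while the hardened handler reports none, which is the behaviour to confirm when the login step of this checklist passes.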
Testing for Vulnerable Components
- Vulnerable Libraries/Server/Proxy/Frameworks
- Vulnerable WAF
- Using Wappalyzer Extension
- Using Snyk Database
- Using Browser Console
Testing for Information Disclosure
- through Error Pages
- through Response Headers
- through Comments
- through StackTrace/Debug Messages
- through Direct Request
- through Other HTTP Methods
- through Files