Some Web Application Penetration testing & Bug Bounty notes :) Phase 1 – History Phase 2 – Web and Server Technology Phase 3 – Setting up the lab with BurpSuite and bWAPP Phase 4 – Mapping the application and attack surface Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities Phase 6 – Session management testing Phase 7 – Bypassing client-side controls Phase 8 – Attacking authentication/login Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories) Phase 10 – Attacking Input validations (All injections, XSS and mics) Phase 11 – Generating and testing error codes Phase 12 – Weak cryptography testing Phase 13 – Business logic vulnerability https://mega.nz/file/Jv4UyRZL#6ZuyrmCzfgDcwiKggXBJVshCTPrNwLJ3C6DXg_cfBTE 379 views12:53
