Web Application Audit Checklist

Web application audit checklist and hardening process



If you work in security and need a checklist of web application vulnerabilities to look for when auditing an application, this article is for you. It lists the main weaknesses an auditor or inspector should test for, so that you can confirm every point has been covered. If you have been tasked with an application security audit, this is a straightforward way to understand what to do and how to do it.

The checklist items are given below.

  1. Non-validated input.
  2. Input fields with autocomplete enabled where it is not needed, such as the admin login form.
  3. Restrictions on what authenticated users are allowed to do are not properly enforced (broken access control).
  4. Account credentials and session tokens are not properly protected.
  5. Cross-Site Scripting (XSS) flaws.
  6. Buffer overflows.
  7. SQL injection.
  8. SSI injection.
  9. LDAP injection.
  10. Command injection.
  11. XPath injection.
  12. Improper error handling (verbose errors or stack traces returned to the client).
  13. Insecure storage.
  14. Directory disclosure.
  15. Passwords stored in plain text rather than hashed.
  16. Weak password policy.
  17. Denial of service.
  18. Insecure configuration management.
  19. Malware or suspicious code inclusion.
  20. Shellcode execution.
  21. CSRF token transmitted over plain text.
  22. Cookies used unsafely.
  23. Format string vulnerabilities.
  24. Username enumeration.
  25. Version disclosure (server or framework version in response headers or pages).
  26. Logs not stored securely.
  27. Cookies stored in an insecure way.
  28. Storing visitors' confidential information, including credit or debit card details.
  29. Use of HTTP instead of HTTPS when the application is reachable from outside the intranet.
  30. Weak password reset mechanism.
  31. Session not destroyed after logout.
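Several of the items above (version disclosure, insecure cookie attributes, autocomplete on a login form, plain HTTP, verbose error pages) can be checked passively from a single HTTP response. The following script is an added example written for this page, not code from the original article: it parses a constructed HTTP response, runs those checks and returns the findings. The hostnames, header values and HTML are made up for the example; a real audit would feed it responses captured from the target.

```python
"""Passive checks for a few checklist items, run over a captured HTTP response.

The sample responses below are constructed for this example; the host
admin.example.test is hypothetical.
"""
import re

# Headers that commonly leak a server or framework version (version disclosure).
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

INPUT_TAG = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
# name=value pairs inside a tag: double-quoted, single-quoted or bare values.
ATTR = re.compile(r'([a-zA-Z-]+)\s*=\s*("([^"]*)"|\'([^\']*)\'|([^\s>]+))')
# Signatures of unhandled exceptions echoed to the client (improper error handling).
STACK_TRACE = re.compile(
    r"Traceback \(most recent call last\)|Stack Trace:|"
    r"at [\w.$]+\(\w+\.java:\d+\)|Fatal error:.*on line \d+"
)


def parse_response(raw):
    """Split a raw HTTP/1.1 response into status line, (name, value) header
    pairs (lower-cased names, order kept so repeated Set-Cookie survive) and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def check_transport(url):
    """Plain HTTP is a finding for anything reachable from outside the intranet."""
    if url.lower().startswith("http://"):
        return [("transport", "served over plain HTTP: " + url)]
    return []


def check_version_disclosure(headers):
    """Flag version-bearing values (e.g. Apache/2.4.29) in the usual headers."""
    return [("version-disclosure", f"{name}: {value}")
            for name, value in headers
            if name in VERSION_HEADERS and re.search(r"\d+\.\d+", value)]


def check_cookies(headers):
    """Every Set-Cookie should carry Secure, HttpOnly and SameSite."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append(("cookie", f"{cookie_name} lacks {required}"))
    return findings


def input_attrs(tag):
    """Return the attributes of one <input ...> tag as a lower-cased dict."""
    attrs = {}
    for m in ATTR.finditer(tag):
        attrs[m.group(1).lower()] = (m.group(3) or m.group(4) or m.group(5) or "").lower()
    return attrs


def check_autocomplete(body):
    """Password inputs without autocomplete="off" (login-form autocomplete item)."""
    findings = []
    for tag in INPUT_TAG.findall(body):
        attrs = input_attrs(tag)
        if attrs.get("type") == "password" and attrs.get("autocomplete") != "off":
            findings.append(("autocomplete",
                             f"password field {attrs.get('name', '?')} allows autocomplete"))
    return findings


def check_error_handling(body):
    """Stack traces or verbose fatal errors in the body (improper error handling)."""
    if STACK_TRACE.search(body):
        return [("error-handling", "stack trace or verbose error in response body")]
    return []


def audit_response(url, raw):
    """Run all passive checks; returns a list of (check, detail) findings."""
    _status, headers, body = parse_response(raw)
    return (check_transport(url) + check_version_disclosure(headers)
            + check_cookies(headers) + check_autocomplete(body)
            + check_error_handling(body))


# Constructed sample: the weak configuration beside its hardened counterpart.
WEAK_URL = "http://admin.example.test/login"
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: remember=1; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><form method=post action=/login>"
    "<input type=text name=user><input type=\"password\" name=\"pass\">"
    "</form></body></html>"
)
HARDENED_URL = "https://admin.example.test/login"
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><form method=post action=/login>"
    "<input type=text name=user>"
    "<input type=\"password\" name=\"pass\" autocomplete=\"off\">"
    "</form></body></html>"
)

if __name__ == "__main__":
    for check, detail in audit_response(WEAK_URL, WEAK_RESPONSE):
        print(f"[{check}] {detail}")
    print("hardened findings:", audit_response(HARDENED_URL, HARDENED_RESPONSE))
```

The weak sample produces seven findings (plain HTTP, two version headers, three missing attributes on the session cookie, and the password field) and the hardened sample produces none. Two caveats: current browsers largely ignore autocomplete="off" on login fields, so that finding records the application's intent rather than an effective control, and these are passive checks only; the injection, access-control and session-handling items on the list still need active testing.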