Web Application Hardening Checklist (Web Application Audit Checklist)
If you are a security engineer and want a checklist of web application vulnerabilities to use when auditing a web application, you are in the right place. Below is a web application hardening checklist: the major weaknesses you should look for, so that you can confirm you have covered all the points. It is intended for a security auditor or inspector.
The full web application audit checklist is given below.
- Non-validated input.
- Input fields with autocomplete enabled where it is not necessary, such as the admin login form.
- Restrictions on what authenticated users are allowed to do are not properly enforced (broken access control).
- Account credentials and session tokens are not properly protected.
- Cross-Site Scripting (XSS) flaws.
- Buffer overflows.
- SQL injection.
- SSI injection.
- LDAP injection.
- Command injection.
- XPath injection.
- Improper error handling.
- Insecure storage.
- Directory disclosure (directory listing enabled).
- Passwords stored in plain text instead of being hashed.
- Weak password policy.
- Denial of service.
- Insecure configuration management.
- Malware or suspicious code inclusion.
- Shell code execution.
- CSRF token transmitted over plain text (unencrypted HTTP).
- Cookies not used safely (for example, missing the Secure and HttpOnly attributes).
- Format string vulnerabilities.
- Username enumeration.
- Version disclosure (server or framework versions in headers or error pages).
- Logs not stored securely.
- Sensitive data stored in cookies in an insecure way.
- Storage of visitors' confidential information and credit or debit card details.
- Whether the application uses HTTPS or plain HTTP when it is reachable from outside the intranet.
- Weak password reset mechanism.
- Session not destroyed after logout.
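Several items on this checklist (version disclosure, cookie attributes, autocomplete on the login form, forms submitted over plain HTTP, directory listing, missing HSTS) can be checked from a single captured HTTP response. The script below is an added example written for this page, not code from the original article; the response it inspects is constructed for the example (the hostname `example.test`, the `PHPSESSID` and `remember` cookie names and the `/backup` path are all made up), so it runs offline. Items that need interaction with the application, such as session destruction after logout or the password reset flow, still have to be tested by hand.

```python
"""Static checks for several audit checklist items, run over one captured
HTTP response.  Example code written for this page; the sample response
below is constructed and does not come from any real application."""
import re
from typing import Dict, List, Tuple

# Constructed sample: an admin login page as an auditor might capture it
# through an intercepting proxy.  Deliberately contains several findings.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: remember=1; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>\n"
    '<form action="http://example.test/admin/login" method="post">\n'
    '  <input type="text" name="user">\n'
    '  <input type="password" name="pass">\n'
    "</form>\n"
    "<h1>Index of /backup</h1>\n"
    "</body></html>\n"
)


def parse_response(raw: str) -> Tuple[Dict[str, List[str]], str]:
    """Split a raw HTTP response into a header map (lower-cased names,
    one list entry per repeated header) and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def audit(raw: str, served_over_https: bool) -> List[str]:
    """Return a list of findings for the checklist items that can be judged
    from a single response.  served_over_https says how the page was fetched,
    since the Secure flag and HSTS only matter on an HTTPS site."""
    headers, body = parse_response(raw)
    findings: List[str] = []

    # Version disclosure: a version number in Server / X-Powered-By.
    for h in ("server", "x-powered-by"):
        for v in headers.get(h, []):
            if re.search(r"\d+\.\d+", v):
                findings.append(f"version disclosure: {h}: {v}")

    # Cookie attributes: every Set-Cookie should carry HttpOnly, and Secure
    # when the site is served over HTTPS.
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        if served_over_https and "secure" not in attrs:
            findings.append(f"cookie without Secure flag: {name}")
        if "httponly" not in attrs:
            findings.append(f"cookie without HttpOnly flag: {name}")

    # Autocomplete on password fields (login forms should disable it).
    for tag in re.findall(r"<input[^>]*>", body, re.I):
        is_password = re.search(r'type\s*=\s*"password"', tag, re.I)
        has_opt_out = re.search(r'autocomplete\s*=\s*"(off|new-password)"', tag, re.I)
        if is_password and not has_opt_out:
            findings.append("password field allows autocomplete")

    # Forms whose action posts credentials over plain HTTP.
    for action in re.findall(r'<form[^>]*action\s*=\s*"([^"]*)"', body, re.I):
        if action.lower().startswith("http://"):
            findings.append(f"form submits over plain HTTP: {action}")

    # Directory listing: the default index page title/heading of common servers.
    if re.search(r"<(title|h1)>Index of /", body, re.I):
        findings.append("directory listing enabled")

    # HTTPS site without HSTS lets the first request be downgraded.
    if served_over_https and "strict-transport-security" not in headers:
        findings.append("HTTPS site without Strict-Transport-Security header")

    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE, served_over_https=True):
        print(finding)
```

Run it on a response saved from your proxy by replacing `SAMPLE_RESPONSE` with the captured text; the constructed sample produces eight findings, covering version disclosure in two headers, a session cookie lacking both Secure and HttpOnly, an autocomplete-enabled password field, a login form posting over HTTP, an exposed directory index, and a missing HSTS header.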