atul161 · April 28, 2022 00:27
diff --git a/gistfile1.txt b/gistfile1.txt
 Crieteria	Checklist
 Information Gathering	Manually explore the site
 	Spider/crawl for missed or hidden content
 	Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
 	Check the caches of major search engines for publicly accessible sites
 	Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
 	Perform Web Application Fingerprinting
 	Identify technologies used
 	Identify user roles
 	Identify application entry points
 	Identify client-side code
 	Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
 	Identify co-hosted and related applications
 	Identify all hostnames and ports
 	Identify third-party hosted content
 	
 Configuration Management	Check for commonly used application and administrative URLs
 	Check for old, backup and unreferenced files
 	Check HTTP methods supported and Cross Site Tracing (XST)
 	Test file extensions handling
 	Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
 	Test for policies (e.g. Flash, Silverlight, robots)
 	Test for non-production data in live environment, and vice-versa
 	Check for sensitive data in client-side code (e.g. API keys, credentials)
 	
 Secure Transmission	Check SSL Version, Algorithms, Key length
 	Check for Digital Certificate Validity (Duration, Signature and CN)
 	Check credentials only delivered over HTTPS
 	Check that the login form is delivered over HTTPS
 	Check session tokens only delivered over HTTPS
 	Check if HTTP Strict Transport Security (HSTS) in use
 	
 Authentication	Test for user enumeration
 	Test for authentication bypass
 	Test for bruteforce protection
 	Test password quality rules
 	Test remember me functionality
 	Test for autocomplete on password forms/input
 	Test password reset and/or recovery
 	Test password change process
 	Test CAPTCHA
 	Test multi factor authentication
 	Test for logout functionality presence
 	Test for cache management on HTTP (eg Pragma, Expires, Max-age)
 	Test for default logins
 	Test for user-accessible authentication history
 	Test for out-of channel notification of account lockouts and successful password changes
 	Test for consistent authentication across applications with shared authentication schema / SSO
 	
 Session Management	Establish how session management is handled in the application (eg, tokens in cookies, token in URL)
 	Check session tokens for cookie flags (httpOnly and secure)
 	Check session cookie scope (path and domain)
 	Check session cookie duration (expires and max-age)
 	Check session termination after a maximum lifetime
 	Check session termination after relative timeout
 	Check session termination after logout
 	Test to see if users can have multiple simultaneous sessions
 	Test session cookies for randomness
 	Confirm that new session tokens are issued on login, role change and logout
 	Test for consistent session management across applications with shared session management
 	Test for session puzzling
 	Test for CSRF and clickjacking
 	
 Authorization	Test for path traversal
 	Test for bypassing authorization schema
 	Test for vertical Access control problems (a.k.a. Privilege Escalation)
 	Test for horizontal Access control problems (between two users at the same privilege level)
 	Test for missing authorization
 	
 Data Validation	Test for Reflected Cross Site Scripting
 	Test for Stored Cross Site Scripting
 	Test for DOM based Cross Site Scripting
 	Test for Cross Site Flashing
 	Test for HTML Injection
 	Test for SQL Injection
 	Test for LDAP Injection
 	Test for ORM Injection
 	Test for XML Injection
 	Test for XXE Injection
 	Test for SSI Injection
 	Test for XPath Injection
 	Test for XQuery Injection
 	Test for IMAP/SMTP Injection
 	Test for Code Injection
 	Test for Expression Language Injection
 	Test for Command Injection
 	Test for Overflow (Stack, Heap and Integer)
 	Test for Format String
 	Test for incubated vulnerabilities
 	Test for HTTP Splitting/Smuggling
 	Test for HTTP Verb Tampering
 	Test for Open Redirection
 	Test for Local File Inclusion
 	Test for Remote File Inclusion
 	Compare client-side and server-side validation rules
 	Test for NoSQL injection
 	Test for HTTP parameter pollution
 	Test for auto-binding
 	Test for Mass Assignment
 	Test for NULL/Invalid Session Cookie
 	
 Denial of Service	Test for anti-automation
 	Test for account lockout
 	Test for HTTP protocol DoS
 	Test for SQL wildcard DoS
 	
 Business Logic	Test for feature misuse
 	Test for lack of non-repudiation
 	Test for trust relationships
 	Test for integrity of data
 	Test segregation of duties
 	
 Cryptography	Check if data which should be encrypted is not
 	Check for wrong algorithms usage depending on context
 	Check for weak algorithms usage
 	Check for proper use of salting
 	Check for randomness functions
 	
 Risky Functionality - File Uploads	Test that acceptable file types are whitelisted
 	Test that file size limits, upload frequency and total file counts are defined and are enforced
 	Test that file contents match the defined file type
 	Test that all file uploads have Anti-Virus scanning in-place.
 	Test that unsafe filenames are sanitised
 	Test that uploaded files are not directly accessible within the web root
 	Test that uploaded files are not served on the same hostname/port
 	Test that files and other media are integrated with the authentication and authorisation schemas
 	
 Risky Functionality - Card Payment	Test for known vulnerabilities and configuration issues on Web Server and Web Application
 	Test for default or guessable password
 	Test for non-production data in live environment, and vice-versa
 	Test for Injection vulnerabilities
 	Test for Buffer Overflows
 	Test for Insecure Cryptographic Storage
 	Test for Insufficient Transport Layer Protection
 	Test for Improper Error Handling
 	Test for all vulnerabilities with a CVSS v2 score > 4.0
 	Test for Authentication and Authorization issues
 	Test for CSRF
 	
 HTML 5	Test Web Messaging
 	Test for Web Storage SQL injection
 	Check CORS implementation
 	Check Offline Web Application
 	
 	
 Priority	
 Broken Access Control	
 Cryptographic Failures	
 Injection	
 Insecure Design	
 Security Misconfiguration	
 Vulnerable and Outdated Components	
 Identification and Authentication Failures	
 Software and Data Integrity Failures	
 Security Logging and Monitoring Failures	
 Server Side Request Forgery (SSRF)	
 	
 	
 Proactive Controls	
 Define Security Requirements	Abuse Case 
 	Threat Modeling 
 	Abuse Case 
 	
 Leverage Security Frameworks and Libraries	Clickjacking Defense 
 	Vulnerable Dependency Management 
 	
 Secure Database Access	SQL Injection Prevention 
 	Query Parameterization 
 	
 Encode and Escape Data	AJAX Security  (Client Side)
 	
 Encode and Escape Data	Cross Site Scripting Prevention 
 	DOM based XSS Prevention 
 	Injection Prevention 
 	Injection Prevention  in Java
 	LDAP Injection Prevention 
 	
 Validate All Inputs	Bean Validation 
 	Deserialization 
 	Input Validation 
 	Injection Prevention 
 	Injection Prevention  in Java
 	Mass Assignment 
 	OS Command Injection Defense 
 	File Upload 
 	Clickjacking Defense 
 	Unvalidated Redirects and Forwards 
 	XML External Entity Prevention 
 	Server Side Request Forgery Prevention 
 	
 Implement Digital Identity	Authentication 
 	Choosing and Using Security Questions 
 	Forgot Password 
 	JAAS 
 	Password Storage 
 	REST Security  (JWT)
 	SAML Security 
 	Session Management 
 	
 Enforce Access 	Access Control 
 	Authorization Testing Automation
 	Credential Stuffing Prevention 
 	Cross-Site_Request_Forgery_Prevention_Cheat_Sheet
 	REST Security  (Access Control)
 	Insecure Direct Object Reference Prevention 
 	Transaction Authorization 
 	
 Protect Data Everywhere	Cryptographic Storage 
 	TLS Cipher String 
 	Transport Layer Protection 
 	Key Management 
 	HTTP Strict Transport Security 
 	Pinning 
 	REST Security  (HTTPS)
 	User Privacy Protection 
 	
 Implement Security Logging and Monitoring	REST Security  (Audit Logs)
 	Logging 
 	
 Handle All Errors and Exceptions	REST Security  (Error Handling)
 	Error Handling 
 	
 	
 EXTRAS	
 AJAX Security	
 Abuse Case	
 Access Control	
 Attack Surface Analysis	
 Authentication	
 Authorization	
 Authorization Testing Automation	
 Bean Validation	
 C-Based Toolchain Hardening	
 Choosing and Using Security Questions	
 Clickjacking Defense	
 Content Security Policy	
 Credential Stuffing Prevention	
 Cross-Site Request Forgery Prevention	
 Cross Site Scripting Prevention	
 Cryptographic Storage	
 DOM based XSS Prevention	
 Database Security	
 Denial of Service	
 Deserialization	
 Docker Security	
 DotNet Security	
 Error Handling	
 File Upload	
 Forgot Password	
 GraphQL	
 HTML5 Security	
 HTTP Headers	
 HTTP Strict Transport Security	
 Infrastructure as Code Security	
 Injection Prevention	
 Injection Prevention in Java	
 Input Validation	
 Insecure Direct Object Reference Prevention	
 JAAS	
 JSON Web Token for Java	
 Key Management	
 Kubernetes Security	
 LDAP Injection Prevention	
 Laravel	
 Logging	
 Logging Vocabulary	
 Mass Assignment	
 Microservices based Security Arch Doc	
 Microservices security.md	
 Multifactor Authentication	
 NPM Security	
 NodeJS Docker	
 Nodejs Security	
 OS Command Injection Defense	
 PHP Configuration	
 Password Storage	
 Pinning	
 Query Parameterization	
 REST Assessment	
 REST Security	
 Ruby on Rails	
 SAML Security	
 SQL Injection Prevention	
 Secrets Management CheatSheet.md	
 Securing Cascading Style Sheets	
 Server Side Request Forgery Prevention	
 Session Management	
 TLS Cipher String	
 Third Party Javascript Management	
 Threat Modeling	
 Transaction Authorization	
 Transport Layer Protection	
 Unvalidated Redirects and Forwards	
 User Privacy Protection	
 Virtual Patching	
 Vulnerability Disclosure	
 Vulnerable Dependency Management	
 Web Service Security	
 XML External Entity Prevention	
 XML Security	
 XSS Filter Evasion	
 XS Leaks
	Crieteria Checklist
	Information Gathering Manually explore the site
	Spider/crawl for missed or hidden content
	Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
	Check the caches of major search engines for publicly accessible sites
	Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
	Perform Web Application Fingerprinting
	Identify technologies used
	Identify user roles
	Identify application entry points
	Identify client-side code
	Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
	Identify co-hosted and related applications
	Identify all hostnames and ports
	Identify third-party hosted content

	Configuration Management Check for commonly used application and administrative URLs
	Check for old, backup and unreferenced files
	Check HTTP methods supported and Cross Site Tracing (XST)
	Test file extensions handling
	Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
	Test for policies (e.g. Flash, Silverlight, robots)
	Test for non-production data in live environment, and vice-versa
	Check for sensitive data in client-side code (e.g. API keys, credentials)

	Secure Transmission Check SSL Version, Algorithms, Key length
	Check for Digital Certificate Validity (Duration, Signature and CN)
	Check credentials only delivered over HTTPS
	Check that the login form is delivered over HTTPS
	Check session tokens only delivered over HTTPS
	Check if HTTP Strict Transport Security (HSTS) in use

	Authentication Test for user enumeration
	Test for authentication bypass
	Test for bruteforce protection
	Test password quality rules
	Test remember me functionality
	Test for autocomplete on password forms/input
	Test password reset and/or recovery
	Test password change process
	Test CAPTCHA
	Test multi factor authentication
	Test for logout functionality presence
	Test for cache management on HTTP (eg Pragma, Expires, Max-age)
	Test for default logins
	Test for user-accessible authentication history
	Test for out-of channel notification of account lockouts and successful password changes
	Test for consistent authentication across applications with shared authentication schema / SSO

	Session Management Establish how session management is handled in the application (eg, tokens in cookies, token in URL)
	Check session tokens for cookie flags (httpOnly and secure)
	Check session cookie scope (path and domain)
	Check session cookie duration (expires and max-age)
	Check session termination after a maximum lifetime
	Check session termination after relative timeout
	Check session termination after logout
	Test to see if users can have multiple simultaneous sessions
	Test session cookies for randomness
	Confirm that new session tokens are issued on login, role change and logout
	Test for consistent session management across applications with shared session management
	Test for session puzzling
	Test for CSRF and clickjacking

	Authorization Test for path traversal
	Test for bypassing authorization schema
	Test for vertical Access control problems (a.k.a. Privilege Escalation)
	Test for horizontal Access control problems (between two users at the same privilege level)
	Test for missing authorization

	Data Validation Test for Reflected Cross Site Scripting
	Test for Stored Cross Site Scripting
	Test for DOM based Cross Site Scripting
	Test for Cross Site Flashing
	Test for HTML Injection
	Test for SQL Injection
	Test for LDAP Injection
	Test for ORM Injection
	Test for XML Injection
	Test for XXE Injection
	Test for SSI Injection
	Test for XPath Injection
	Test for XQuery Injection
	Test for IMAP/SMTP Injection
	Test for Code Injection
	Test for Expression Language Injection
	Test for Command Injection
	Test for Overflow (Stack, Heap and Integer)
	Test for Format String
	Test for incubated vulnerabilities
	Test for HTTP Splitting/Smuggling
	Test for HTTP Verb Tampering
	Test for Open Redirection
	Test for Local File Inclusion
	Test for Remote File Inclusion
	Compare client-side and server-side validation rules
	Test for NoSQL injection
	Test for HTTP parameter pollution
	Test for auto-binding
	Test for Mass Assignment
	Test for NULL/Invalid Session Cookie

	Denial of Service Test for anti-automation
	Test for account lockout
	Test for HTTP protocol DoS
	Test for SQL wildcard DoS

	Business Logic Test for feature misuse
	Test for lack of non-repudiation
	Test for trust relationships
	Test for integrity of data
	Test segregation of duties

	Cryptography Check if data which should be encrypted is not
	Check for wrong algorithms usage depending on context
	Check for weak algorithms usage
	Check for proper use of salting
	Check for randomness functions

	Risky Functionality - File Uploads Test that acceptable file types are whitelisted
	Test that file size limits, upload frequency and total file counts are defined and are enforced
	Test that file contents match the defined file type
	Test that all file uploads have Anti-Virus scanning in-place.
	Test that unsafe filenames are sanitised
	Test that uploaded files are not directly accessible within the web root
	Test that uploaded files are not served on the same hostname/port
	Test that files and other media are integrated with the authentication and authorisation schemas

	Risky Functionality - Card Payment Test for known vulnerabilities and configuration issues on Web Server and Web Application
	Test for default or guessable password
	Test for non-production data in live environment, and vice-versa
	Test for Injection vulnerabilities
	Test for Buffer Overflows
	Test for Insecure Cryptographic Storage
	Test for Insufficient Transport Layer Protection
	Test for Improper Error Handling
	Test for all vulnerabilities with a CVSS v2 score > 4.0
	Test for Authentication and Authorization issues
	Test for CSRF

	HTML 5 Test Web Messaging
	Test for Web Storage SQL injection
	Check CORS implementation
	Check Offline Web Application


	Priority
	Broken Access Control
	Cryptographic Failures
	Injection
	Insecure Design
	Security Misconfiguration
	Vulnerable and Outdated Components
	Identification and Authentication Failures
	Software and Data Integrity Failures
	Security Logging and Monitoring Failures
	Server Side Request Forgery (SSRF)


	Proactive Controls
	Define Security Requirements Abuse Case
	Threat Modeling
	Abuse Case

	Leverage Security Frameworks and Libraries Clickjacking Defense
	Vulnerable Dependency Management

	Secure Database Access SQL Injection Prevention
	Query Parameterization

	Encode and Escape Data AJAX Security (Client Side)

	Encode and Escape Data Cross Site Scripting Prevention
	DOM based XSS Prevention
	Injection Prevention
	Injection Prevention in Java
	LDAP Injection Prevention

	Validate All Inputs Bean Validation
	Deserialization
	Input Validation
	Injection Prevention
	Injection Prevention in Java
	Mass Assignment
	OS Command Injection Defense
	File Upload
	Clickjacking Defense
	Unvalidated Redirects and Forwards
	XML External Entity Prevention
	Server Side Request Forgery Prevention

	Implement Digital Identity Authentication
	Choosing and Using Security Questions
	Forgot Password
	JAAS
	Password Storage
	REST Security (JWT)
	SAML Security
	Session Management

	Enforce Access Access Control
	Authorization Testing Automation
	Credential Stuffing Prevention
	Cross-Site_Request_Forgery_Prevention_Cheat_Sheet
	REST Security (Access Control)
	Insecure Direct Object Reference Prevention
	Transaction Authorization

	Protect Data Everywhere Cryptographic Storage
	TLS Cipher String
	Transport Layer Protection
	Key Management
	HTTP Strict Transport Security
	Pinning
	REST Security (HTTPS)
	User Privacy Protection

	Implement Security Logging and Monitoring REST Security (Audit Logs)
	Logging

	Handle All Errors and Exceptions REST Security (Error Handling)
	Error Handling


	EXTRAS
	AJAX Security
	Abuse Case
	Access Control
	Attack Surface Analysis
	Authentication
	Authorization
	Authorization Testing Automation
	Bean Validation
	C-Based Toolchain Hardening
	Choosing and Using Security Questions
	Clickjacking Defense
	Content Security Policy
	Credential Stuffing Prevention
	Cross-Site Request Forgery Prevention
	Cross Site Scripting Prevention
	Cryptographic Storage
	DOM based XSS Prevention
	Database Security
	Denial of Service
	Deserialization
	Docker Security
	DotNet Security
	Error Handling
	File Upload
	Forgot Password
	GraphQL
	HTML5 Security
	HTTP Headers
	HTTP Strict Transport Security
	Infrastructure as Code Security
	Injection Prevention
	Injection Prevention in Java
	Input Validation
	Insecure Direct Object Reference Prevention
	JAAS
	JSON Web Token for Java
	Key Management
	Kubernetes Security
	LDAP Injection Prevention
	Laravel
	Logging
	Logging Vocabulary
	Mass Assignment
	Microservices based Security Arch Doc
	Microservices security.md
	Multifactor Authentication
	NPM Security
	NodeJS Docker
	Nodejs Security
	OS Command Injection Defense
	PHP Configuration
	Password Storage
	Pinning
	Query Parameterization
	REST Assessment
	REST Security
	Ruby on Rails
	SAML Security
	SQL Injection Prevention
	Secrets Management CheatSheet.md
	Securing Cascading Style Sheets
	Server Side Request Forgery Prevention
	Session Management
	TLS Cipher String
	Third Party Javascript Management
	Threat Modeling
	Transaction Authorization
	Transport Layer Protection
	Unvalidated Redirects and Forwards
	User Privacy Protection
	Virtual Patching
	Vulnerability Disclosure
	Vulnerable Dependency Management
	Web Service Security
	XML External Entity Prevention
	XML Security
	XSS Filter Evasion
	XS Leaks