What do we check during the penetration testing

  • Vulnerability assessment
  • Network scanning
  • Search for open ports, services, and versions
  • OSINT
  • Search for CVE
  • Search for publicly available exploits
  • SQL injection
  • XSS injection (Stored, Reflected, DOMbased)
  • Os command injection
  • LFI/RFI
  • Session testing
  • Authorization bypass
  • CSRF
  • Source code review
  • Directory traversal and access to different website folders
  • Remote code execution
  • Credentials brute force
  • Searching for the existence of an admin resource
  • URL parameters test
  • Testing for resistance to DDoS attacks
Did you like the article?
Tell your friends about it