https://lea-linux.org/docs/index.php?action=history&feed=atom&title=Checklist_s%C3%A9curit%C3%A9_pentest_applications 2026-05-19T14:56:01Z Historique des versions pour cette page sur le wiki MediaWiki 1.40.1 https://lea-linux.org/docs/index.php?title=Checklist_s%C3%A9curit%C3%A9_pentest_applications&diff=42807&oldid=prev 2021-09-22T08:00:58Z

<p>Page créée avec « = Checklist sécurité et pentest sur des applis = ( Credits : @Dheerajmadhukar(twitter) ) * [+] Cache Poisoning * [+] Cash Overflow * [+] Clickjacking * [+] Command inj... »</p> <p><b>Nouvelle page</b></p><div>= Checklist sécurité et pentest sur des applis =<br /> <br /> ( Credits : @Dheerajmadhukar(twitter) )<br /> <br /> * [+] Cache Poisoning<br /> * [+] Cash Overflow<br /> * [+] Clickjacking<br /> * [+] Command injection attacks<br /> * [+] Comment Injection Attack<br /> * [+] Content Security Policy<br /> * [+] Content Spoofing<br /> * [+] Credential stuffing<br /> * [+] Cross Frame Scripting<br /> * [+] Cross Site History Manipulation (XSHM)<br /> * [+] Cross Site Tracing<br /> * [+] Cross-Site Request Forgery (CSRF)<br /> * [+] Cross Site Port Attack (XSPA)<br /> * [+] Cross-Site Scripting (XSS)<br /> * [+] Cross-User Defacement<br /> * [+] Custom Special Character Injection<br /> * [+] Denial of Service<br /> * [+] Direct Dynamic Code Evaluation (Eval Injection)<br /> * [+] Execution After Redirect (EAR)<br /> * [+] Exploitation of CORS<br /> * [+] Forced browsing<br /> * [+] Form action hijacking<br /> * [+] Format string attack<br /> * [+] Full Path Disclosure<br /> * [+] Function Injection<br /> * [+] Host Header injection<br /> * [+] HTTP Response Splitting<br /> * [+] HTTP verb tampering<br /> * [+] HTML injection<br /> * [+] LDAP injection<br /> * [+] Log Injection<br /> * [+] Man-in-the-browser attack<br /> * [+] Man-in-the-middle attack<br /> * [+] Mobile code: invoking untrusted mobile code<br /> * [+] Mobile code: non-final public field<br /> * [+] Mobile code: object hijack<br /> * [+] One-Click Attack<br /> * [+] Parameter Delimiter<br /> * [+] Page takeover<br /> * [+] Path Traversal<br /> * [+] Reflected DOM Injection<br /> * [+] Regular expression Denial of Service – ReDoS<br /> * [+] Repudiation Attack<br /> * [+] Resource Injection<br /> * [+] Server-Side Includes (SSI) Injection<br /> * [+] Session fixation<br /> * [+] Session hijacking attack<br /> * [+] Session Prediction<br /> * [+] Setting Manipulation<br /> * [+] Special Element Injection<br /> * [+] SMTP injection<br /> * [+] SQL Injection<br /> * [+] SSI injection<br /> * [+] Traffic flood<br /> * [+] Web Parameter Tampering<br /> * [+] XPATH Injection<br /> * [+] XSRF or SSRF<br /> * [+] Sql Injection Attack<br /> * [+] Hibernate Query Language Injection<br /> * [+] Direct OS Code Injection<br /> * [+] XML Entity Injection<br /> * [+] Broken Authentication and Session Management<br /> * [+] Cross-Site Scripting (XSS)<br /> * [+] Insecure Direct Object References<br /> * [+] Security Misconfiguration<br /> * [+] Sensitive Data Exposure<br /> * [+] Missing Function Level Access Control<br /> * [+] Cross-Site Request Forgery (CSRF)<br /> * [+] Using Components with Known Vulnerabilities<br /> * [+] Unvalidated Redirects and Forwards<br /> * [+] Cross Site Scripting Attacks<br /> * [+] Click Jacking Attacks<br /> * [+] DNS Cache Poisoning</div>

Lea