Application security pentest checklist

From Lea Linux
Revision dated 22 September 2021 at 10:00 by Lea (talk | contributions) (Page created with "= Security and pentest checklist for applications = ( Credits : @Dheerajmadhukar(twitter) ) * [+] Cache Poisoning * [+] Cash Overflow * [+] Clickjacking * [+] Command inj... ")

Security and pentest checklist for applications

(Credits: @Dheerajmadhukar (Twitter))

  • [+] Cache Poisoning
  • [+] Cash Overflow
  • [+] Clickjacking
  • [+] Command injection attacks
  • [+] Comment Injection Attack
  • [+] Content Security Policy
  • [+] Content Spoofing
  • [+] Credential stuffing
  • [+] Cross Frame Scripting
  • [+] Cross Site History Manipulation (XSHM)
  • [+] Cross Site Tracing
  • [+] Cross-Site Request Forgery (CSRF)
  • [+] Cross Site Port Attack (XSPA)
  • [+] Cross-Site Scripting (XSS)
  • [+] Cross-User Defacement
  • [+] Custom Special Character Injection
  • [+] Denial of Service
  • [+] Direct Dynamic Code Evaluation (Eval Injection)
  • [+] Execution After Redirect (EAR)
  • [+] Exploitation of CORS
  • [+] Forced browsing
  • [+] Form action hijacking
  • [+] Format string attack
  • [+] Full Path Disclosure
  • [+] Function Injection
  • [+] Host Header injection
  • [+] HTTP Response Splitting
  • [+] HTTP verb tampering
  • [+] HTML injection
  • [+] LDAP injection
  • [+] Log Injection
  • [+] Man-in-the-browser attack
  • [+] Man-in-the-middle attack
  • [+] Mobile code: invoking untrusted mobile code
  • [+] Mobile code: non-final public field
  • [+] Mobile code: object hijack
  • [+] One-Click Attack
  • [+] Parameter Delimiter
  • [+] Page takeover
  • [+] Path Traversal
  • [+] Reflected DOM Injection
  • [+] Regular expression Denial of Service – ReDoS
  • [+] Repudiation Attack
  • [+] Resource Injection
  • [+] Server-Side Includes (SSI) Injection
  • [+] Session fixation
  • [+] Session hijacking attack
  • [+] Session Prediction
  • [+] Setting Manipulation
  • [+] Special Element Injection
  • [+] SMTP injection
  • [+] SQL Injection
  • [+] SSI injection
  • [+] Traffic flood
  • [+] Web Parameter Tampering
  • [+] XPATH Injection
  • [+] XSRF or SSRF
  • [+] Sql Injection Attack
  • [+] Hibernate Query Language Injection
  • [+] Direct OS Code Injection
  • [+] XML Entity Injection
  • [+] Broken Authentication and Session Management
  • [+] Cross-Site Scripting (XSS)
  • [+] Insecure Direct Object References
  • [+] Security Misconfiguration
  • [+] Sensitive Data Exposure
  • [+] Missing Function Level Access Control
  • [+] Cross-Site Request Forgery (CSRF)
  • [+] Using Components with Known Vulnerabilities
  • [+] Unvalidated Redirects and Forwards
  • [+] Cross Site Scripting Attacks
  • [+] Click Jacking Attacks
  • [+] DNS Cache Poisoning