atul161/gist:494db5b8d9642f4cd6416509c3b98806

## gistfile1.txt
Crieteria	Checklist
Information Gathering	Manually explore the site
	Spider/crawl for missed or hidden content
	Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
	Check the caches of major search engines for publicly accessible sites
	Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
	Perform Web Application Fingerprinting
	Identify technologies used
	Identify user roles
	Identify application entry points
	Identify client-side code
	Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
	Identify co-hosted and related applications
	Identify all hostnames and ports
	Identify third-party hosted content

Configuration Management	Check for commonly used application and administrative URLs
	Check for old, backup and unreferenced files
	Check HTTP methods supported and Cross Site Tracing (XST)
	Test file extensions handling
	Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
	Test for policies (e.g. Flash, Silverlight, robots)
	Test for non-production data in live environment, and vice-versa
	Check for sensitive data in client-side code (e.g. API keys, credentials)

Secure Transmission	Check SSL Version, Algorithms, Key length
	Check for Digital Certificate Validity (Duration, Signature and CN)
	Check credentials only delivered over HTTPS
	Check that the login form is delivered over HTTPS
	Check session tokens only delivered over HTTPS
	Check if HTTP Strict Transport Security (HSTS) in use

Authentication	Test for user enumeration
	Test for authentication bypass
	Test for bruteforce protection
	Test password quality rules
	Test remember me functionality
	Test for autocomplete on password forms/input
	Test password reset and/or recovery
	Test password change process
	Test CAPTCHA
	Test multi factor authentication
	Test for logout functionality presence
	Test for cache management on HTTP (eg Pragma, Expires, Max-age)
	Test for default logins
	Test for user-accessible authentication history
	Test for out-of channel notification of account lockouts and successful password changes
	Test for consistent authentication across applications with shared authentication schema / SSO

Session Management	Establish how session management is handled in the application (eg, tokens in cookies, token in URL)
	Check session tokens for cookie flags (httpOnly and secure)
	Check session cookie scope (path and domain)
	Check session cookie duration (expires and max-age)
	Check session termination after a maximum lifetime
	Check session termination after relative timeout
	Check session termination after logout
	Test to see if users can have multiple simultaneous sessions
	Test session cookies for randomness
	Confirm that new session tokens are issued on login, role change and logout
	Test for consistent session management across applications with shared session management
	Test for session puzzling
	Test for CSRF and clickjacking

Authorization	Test for path traversal
	Test for bypassing authorization schema
	Test for vertical Access control problems (a.k.a. Privilege Escalation)
	Test for horizontal Access control problems (between two users at the same privilege level)
	Test for missing authorization

Data Validation	Test for Reflected Cross Site Scripting
	Test for Stored Cross Site Scripting
	Test for DOM based Cross Site Scripting
	Test for Cross Site Flashing
	Test for HTML Injection
	Test for SQL Injection
	Test for LDAP Injection
	Test for ORM Injection
	Test for XML Injection
	Test for XXE Injection
	Test for SSI Injection
	Test for XPath Injection
	Test for XQuery Injection
	Test for IMAP/SMTP Injection
	Test for Code Injection
	Test for Expression Language Injection
	Test for Command Injection
	Test for Overflow (Stack, Heap and Integer)
	Test for Format String
	Test for incubated vulnerabilities
	Test for HTTP Splitting/Smuggling
	Test for HTTP Verb Tampering
	Test for Open Redirection
	Test for Local File Inclusion
	Test for Remote File Inclusion
	Compare client-side and server-side validation rules
	Test for NoSQL injection
	Test for HTTP parameter pollution
	Test for auto-binding
	Test for Mass Assignment
	Test for NULL/Invalid Session Cookie

Denial of Service	Test for anti-automation
	Test for account lockout
	Test for HTTP protocol DoS
	Test for SQL wildcard DoS

Business Logic	Test for feature misuse
	Test for lack of non-repudiation
	Test for trust relationships
	Test for integrity of data
	Test segregation of duties

Cryptography	Check if data which should be encrypted is not
	Check for wrong algorithms usage depending on context
	Check for weak algorithms usage
	Check for proper use of salting
	Check for randomness functions

Risky Functionality - File Uploads	Test that acceptable file types are whitelisted
	Test that file size limits, upload frequency and total file counts are defined and are enforced
	Test that file contents match the defined file type
	Test that all file uploads have Anti-Virus scanning in-place.
	Test that unsafe filenames are sanitised
	Test that uploaded files are not directly accessible within the web root
	Test that uploaded files are not served on the same hostname/port
	Test that files and other media are integrated with the authentication and authorisation schemas

Risky Functionality - Card Payment	Test for known vulnerabilities and configuration issues on Web Server and Web Application
	Test for default or guessable password
	Test for non-production data in live environment, and vice-versa
	Test for Injection vulnerabilities
	Test for Buffer Overflows
	Test for Insecure Cryptographic Storage
	Test for Insufficient Transport Layer Protection
	Test for Improper Error Handling
	Test for all vulnerabilities with a CVSS v2 score > 4.0
	Test for Authentication and Authorization issues
	Test for CSRF

HTML 5	Test Web Messaging
	Test for Web Storage SQL injection
	Check CORS implementation
	Check Offline Web Application


Priority
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server Side Request Forgery (SSRF)


Proactive Controls
Define Security Requirements	Abuse Case
	Threat Modeling
	Abuse Case

Leverage Security Frameworks and Libraries	Clickjacking Defense
	Vulnerable Dependency Management

Secure Database Access	SQL Injection Prevention
	Query Parameterization

Encode and Escape Data	AJAX Security  (Client Side)

Encode and Escape Data	Cross Site Scripting Prevention
	DOM based XSS Prevention
	Injection Prevention
	Injection Prevention  in Java
	LDAP Injection Prevention

Validate All Inputs	Bean Validation
	Deserialization
	Input Validation
	Injection Prevention
	Injection Prevention  in Java
	Mass Assignment
	OS Command Injection Defense
	File Upload
	Clickjacking Defense
	Unvalidated Redirects and Forwards
	XML External Entity Prevention
	Server Side Request Forgery Prevention

Implement Digital Identity	Authentication
	Choosing and Using Security Questions
	Forgot Password
	JAAS
	Password Storage
	REST Security  (JWT)
	SAML Security
	Session Management

Enforce Access 	Access Control
	Authorization Testing Automation
	Credential Stuffing Prevention
	Cross-Site_Request_Forgery_Prevention_Cheat_Sheet
	REST Security  (Access Control)
	Insecure Direct Object Reference Prevention
	Transaction Authorization

Protect Data Everywhere	Cryptographic Storage
	TLS Cipher String
	Transport Layer Protection
	Key Management
	HTTP Strict Transport Security
	Pinning
	REST Security  (HTTPS)
	User Privacy Protection

Implement Security Logging and Monitoring	REST Security  (Audit Logs)
	Logging

Handle All Errors and Exceptions	REST Security  (Error Handling)
	Error Handling


EXTRAS
AJAX Security
Abuse Case
Access Control
Attack Surface Analysis
Authentication
Authorization
Authorization Testing Automation
Bean Validation
C-Based Toolchain Hardening
Choosing and Using Security Questions
Clickjacking Defense
Content Security Policy
Credential Stuffing Prevention
Cross-Site Request Forgery Prevention
Cross Site Scripting Prevention
Cryptographic Storage
DOM based XSS Prevention
Database Security
Denial of Service
Deserialization
Docker Security
DotNet Security
Error Handling
File Upload
Forgot Password
GraphQL
HTML5 Security
HTTP Headers
HTTP Strict Transport Security
Infrastructure as Code Security
Injection Prevention
Injection Prevention in Java
Input Validation
Insecure Direct Object Reference Prevention
JAAS
JSON Web Token for Java
Key Management
Kubernetes Security
LDAP Injection Prevention
Laravel
Logging
Logging Vocabulary
Mass Assignment
Microservices based Security Arch Doc
Microservices security.md
Multifactor Authentication
NPM Security
NodeJS Docker
Nodejs Security
OS Command Injection Defense
PHP Configuration
Password Storage
Pinning
Query Parameterization
REST Assessment
REST Security
Ruby on Rails
SAML Security
SQL Injection Prevention
Secrets Management CheatSheet.md
Securing Cascading Style Sheets
Server Side Request Forgery Prevention
Session Management
TLS Cipher String
Third Party Javascript Management
Threat Modeling
Transaction Authorization
Transport Layer Protection
Unvalidated Redirects and Forwards
User Privacy Protection
Virtual Patching
Vulnerability Disclosure
Vulnerable Dependency Management
Web Service Security
XML External Entity Prevention
XML Security
XSS Filter Evasion
XS Leaks
	Crieteria Checklist
	Information Gathering Manually explore the site
	Spider/crawl for missed or hidden content
	Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
	Check the caches of major search engines for publicly accessible sites
	Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
	Perform Web Application Fingerprinting
	Identify technologies used
	Identify user roles
	Identify application entry points
	Identify client-side code
	Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
	Identify co-hosted and related applications
	Identify all hostnames and ports
	Identify third-party hosted content

	Configuration Management Check for commonly used application and administrative URLs
	Check for old, backup and unreferenced files
	Check HTTP methods supported and Cross Site Tracing (XST)
	Test file extensions handling
	Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
	Test for policies (e.g. Flash, Silverlight, robots)
	Test for non-production data in live environment, and vice-versa
	Check for sensitive data in client-side code (e.g. API keys, credentials)

	Secure Transmission Check SSL Version, Algorithms, Key length
	Check for Digital Certificate Validity (Duration, Signature and CN)
	Check credentials only delivered over HTTPS
	Check that the login form is delivered over HTTPS
	Check session tokens only delivered over HTTPS
	Check if HTTP Strict Transport Security (HSTS) in use

	Authentication Test for user enumeration
	Test for authentication bypass
	Test for bruteforce protection
	Test password quality rules
	Test remember me functionality
	Test for autocomplete on password forms/input
	Test password reset and/or recovery
	Test password change process
	Test CAPTCHA
	Test multi factor authentication
	Test for logout functionality presence
	Test for cache management on HTTP (eg Pragma, Expires, Max-age)
	Test for default logins
	Test for user-accessible authentication history
	Test for out-of channel notification of account lockouts and successful password changes
	Test for consistent authentication across applications with shared authentication schema / SSO

	Session Management Establish how session management is handled in the application (eg, tokens in cookies, token in URL)
	Check session tokens for cookie flags (httpOnly and secure)
	Check session cookie scope (path and domain)
	Check session cookie duration (expires and max-age)
	Check session termination after a maximum lifetime
	Check session termination after relative timeout
	Check session termination after logout
	Test to see if users can have multiple simultaneous sessions
	Test session cookies for randomness
	Confirm that new session tokens are issued on login, role change and logout
	Test for consistent session management across applications with shared session management
	Test for session puzzling
	Test for CSRF and clickjacking

	Authorization Test for path traversal
	Test for bypassing authorization schema
	Test for vertical Access control problems (a.k.a. Privilege Escalation)
	Test for horizontal Access control problems (between two users at the same privilege level)
	Test for missing authorization

	Data Validation Test for Reflected Cross Site Scripting
	Test for Stored Cross Site Scripting
	Test for DOM based Cross Site Scripting
	Test for Cross Site Flashing
	Test for HTML Injection
	Test for SQL Injection
	Test for LDAP Injection
	Test for ORM Injection
	Test for XML Injection
	Test for XXE Injection
	Test for SSI Injection
	Test for XPath Injection
	Test for XQuery Injection
	Test for IMAP/SMTP Injection
	Test for Code Injection
	Test for Expression Language Injection
	Test for Command Injection
	Test for Overflow (Stack, Heap and Integer)
	Test for Format String
	Test for incubated vulnerabilities
	Test for HTTP Splitting/Smuggling
	Test for HTTP Verb Tampering
	Test for Open Redirection
	Test for Local File Inclusion
	Test for Remote File Inclusion
	Compare client-side and server-side validation rules
	Test for NoSQL injection
	Test for HTTP parameter pollution
	Test for auto-binding
	Test for Mass Assignment
	Test for NULL/Invalid Session Cookie

	Denial of Service Test for anti-automation
	Test for account lockout
	Test for HTTP protocol DoS
	Test for SQL wildcard DoS

	Business Logic Test for feature misuse
	Test for lack of non-repudiation
	Test for trust relationships
	Test for integrity of data
	Test segregation of duties

	Cryptography Check if data which should be encrypted is not
	Check for wrong algorithms usage depending on context
	Check for weak algorithms usage
	Check for proper use of salting
	Check for randomness functions

	Risky Functionality - File Uploads Test that acceptable file types are whitelisted
	Test that file size limits, upload frequency and total file counts are defined and are enforced
	Test that file contents match the defined file type
	Test that all file uploads have Anti-Virus scanning in-place.
	Test that unsafe filenames are sanitised
	Test that uploaded files are not directly accessible within the web root
	Test that uploaded files are not served on the same hostname/port
	Test that files and other media are integrated with the authentication and authorisation schemas

	Risky Functionality - Card Payment Test for known vulnerabilities and configuration issues on Web Server and Web Application
	Test for default or guessable password
	Test for non-production data in live environment, and vice-versa
	Test for Injection vulnerabilities
	Test for Buffer Overflows
	Test for Insecure Cryptographic Storage
	Test for Insufficient Transport Layer Protection
	Test for Improper Error Handling
	Test for all vulnerabilities with a CVSS v2 score > 4.0
	Test for Authentication and Authorization issues
	Test for CSRF

	HTML 5 Test Web Messaging
	Test for Web Storage SQL injection
	Check CORS implementation
	Check Offline Web Application


	Priority
	Broken Access Control
	Cryptographic Failures
	Injection
	Insecure Design
	Security Misconfiguration
	Vulnerable and Outdated Components
	Identification and Authentication Failures
	Software and Data Integrity Failures
	Security Logging and Monitoring Failures
	Server Side Request Forgery (SSRF)


	Proactive Controls
	Define Security Requirements Abuse Case
	Threat Modeling
	Abuse Case

	Leverage Security Frameworks and Libraries Clickjacking Defense
	Vulnerable Dependency Management

	Secure Database Access SQL Injection Prevention
	Query Parameterization

	Encode and Escape Data AJAX Security (Client Side)

	Encode and Escape Data Cross Site Scripting Prevention
	DOM based XSS Prevention
	Injection Prevention
	Injection Prevention in Java
	LDAP Injection Prevention

	Validate All Inputs Bean Validation
	Deserialization
	Input Validation
	Injection Prevention
	Injection Prevention in Java
	Mass Assignment
	OS Command Injection Defense
	File Upload
	Clickjacking Defense
	Unvalidated Redirects and Forwards
	XML External Entity Prevention
	Server Side Request Forgery Prevention

	Implement Digital Identity Authentication
	Choosing and Using Security Questions
	Forgot Password
	JAAS
	Password Storage
	REST Security (JWT)
	SAML Security
	Session Management

	Enforce Access Access Control
	Authorization Testing Automation
	Credential Stuffing Prevention
	Cross-Site_Request_Forgery_Prevention_Cheat_Sheet
	REST Security (Access Control)
	Insecure Direct Object Reference Prevention
	Transaction Authorization

	Protect Data Everywhere Cryptographic Storage
	TLS Cipher String
	Transport Layer Protection
	Key Management
	HTTP Strict Transport Security
	Pinning
	REST Security (HTTPS)
	User Privacy Protection

	Implement Security Logging and Monitoring REST Security (Audit Logs)
	Logging

	Handle All Errors and Exceptions REST Security (Error Handling)
	Error Handling


	EXTRAS
	AJAX Security
	Abuse Case
	Access Control
	Attack Surface Analysis
	Authentication
	Authorization
	Authorization Testing Automation
	Bean Validation
	C-Based Toolchain Hardening
	Choosing and Using Security Questions
	Clickjacking Defense
	Content Security Policy
	Credential Stuffing Prevention
	Cross-Site Request Forgery Prevention
	Cross Site Scripting Prevention
	Cryptographic Storage
	DOM based XSS Prevention
	Database Security
	Denial of Service
	Deserialization
	Docker Security
	DotNet Security
	Error Handling
	File Upload
	Forgot Password
	GraphQL
	HTML5 Security
	HTTP Headers
	HTTP Strict Transport Security
	Infrastructure as Code Security
	Injection Prevention
	Injection Prevention in Java
	Input Validation
	Insecure Direct Object Reference Prevention
	JAAS
	JSON Web Token for Java
	Key Management
	Kubernetes Security
	LDAP Injection Prevention
	Laravel
	Logging
	Logging Vocabulary
	Mass Assignment
	Microservices based Security Arch Doc
	Microservices security.md
	Multifactor Authentication
	NPM Security
	NodeJS Docker
	Nodejs Security
	OS Command Injection Defense
	PHP Configuration
	Password Storage
	Pinning
	Query Parameterization
	REST Assessment
	REST Security
	Ruby on Rails
	SAML Security
	SQL Injection Prevention
	Secrets Management CheatSheet.md
	Securing Cascading Style Sheets
	Server Side Request Forgery Prevention
	Session Management
	TLS Cipher String
	Third Party Javascript Management
	Threat Modeling
	Transaction Authorization
	Transport Layer Protection
	Unvalidated Redirects and Forwards
	User Privacy Protection
	Virtual Patching
	Vulnerability Disclosure
	Vulnerable Dependency Management
	Web Service Security
	XML External Entity Prevention
	XML Security
	XSS Filter Evasion
	XS Leaks