Professional Documents
Culture Documents
Tip- If you have a good system you can test open ports on the IP address you
gathered and then run your automation.
Manual Testing
Open each website one by one to check functionality or what that web page does.
Follow the Checklist to avoid confusion.
Tip- Look for 3rd Party Technology used and their vulnerability.
Vulnerabilities List
XML injection
XML external entity injection
XPath injection
Client-side XPath injection (DOM-based)
Client-side XPath injection (reflected DOM-based)
Client-side XPath injection (stored DOM-based)
XML entity expansion
HTTP method
HTTP PUT method is enabled
HTTP TRACE method is enabled
HTML5
SSL certificate
Unencrypted communications
Strict transport security not enforced
Mixed content