1.
Introduction
2.
Penetration Testing Standards
2.1.
NIST (SP 800-115)
2.2.
PTES
2.3.
ISSAF
3.
Manual Vs Automated Penetration Testing
3.1.
Difference
3.2.
Benifits of Automated Penetration Testing
3.3.
Limitations of Automated Penetration Testing
4.
Existing Tools/Methodologies
4.1.
Net-Nirikshak
4.2.
Astra
4.3.
w3af Web Application Attack and Audit Framework
5.
Type of attacks
5.1.
Security Misconfiguration
5.1.1.
Default credentials unchanged.
5.1.2.
Improper Error handling
5.1.3.
Logs publicly accessible
5.1.4.
Directory Listing Enabled
5.1.5.
Outdated Software used.
5.1.6.
Unsafe Cross-Origin Resource Sharing
5.1.7.
Path Traversal (Directory Traversal Vulnerability)
5.1.8.
No Rate Limiting
5.1.8.1.
Registration
5.1.8.2.
Login
5.1.8.3.
OTP
5.1.8.4.
Email-Triggering
5.1.8.5.
SMS-Triggering
5.1.9.
Mail Server Misconfiguration
5.2.
Broken Access Control
5.2.1.
Insecure Direct Object Reference (IDOR) (CWE-639)
5.2.2.
Username/Email Enumeration (Non-Brute Force)
5.3.
Injection
5.3.1.
SQL Injection (CWE-89)
5.3.2.
LDAP Injection (CWE-90)
5.3.3.
OS Command Injection (CWE-78)
5.3.4.
CSV Injection / Formula Injection
5.4.
Cross-Site Scripting (XSS)
5.4.1.
Cross-site Scripting (XSS) - DOM (CWE-79)
5.4.2.
Cross-site Scripting (XSS) - Reflected (CWE-79)
5.4.3.
Cross-site Scripting (XSS) - Stored (CWE-79)
5.5.
Broken Authentication and session management
5.5.1.
Authentication Bypass
5.5.2.
Second Factor Authentication (2FA) Bypass
5.5.3.
Privilege Escalation
5.5.4.
Failure to Invalidate Session
5.6.
XML External Entities (XXE) (CWE-611)
5.7.
Remote File Inclusion (RFI)
5.8.
Local File Inclusion (LFI)
5.9.
Unsafe / Unrestricted File Upload
5.9.1.
No Size Limit
5.9.2.
File Extension Filter Bypass
5.10.
Server-side request forgery (SSRF)
5.11.
Cross Site Request Forgery (CSRF)
5.12.
Clickjacking (UI Redressing )
5.13.
Cleartext Transmission of Sensitive Information (CWE-319)
5.13.1.
Passwords transmitted in cleartext.
5.13.2.
sends passwords in cleartext to a log server.
5.13.3.
sends cleartext passwords in email.
5.14.
Open Redirect
5.14.1.
GET-Based
5.14.2.
POST-Based
5.14.3.
Header-Based
5.14.4.
Flash-Based
5.15.
Subdomain take-over
Light (default)
Rust
Coal
Navy
Ayu
web vulnerabilities
Existing Tools/Methodologies