1) Web Applications – Check if a web application is able to identify spam attacks on contact forms used in the website.
2) Proxy Servers – Check if network traffic is monitored by proxy appliances. Proxy servers make it difficult for hackers to get internal details of the network, thus protecting the system from external attacks.3) Spam Email Filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with built-in spam filters, which need to be configured per your needs. These configuration rules can be applied on email headers, subjects or bodies.4) Firewalls – Make sure an entire network or computers are protected with a firewall. A firewall can be a software or hardware to block unauthorized access to systems. Firewalls can prevent sending data outside the network without your permission.5) Exploits – Try to exploit all servers, desktop systems, printers and network devices.6) Verification – Verify that all usernames and passwords are encrypted and transferred over secured connections like HTTPs.7) Cookies – Verify information stored in website cookies. It should not be in readable format.8 ) Vulnerabilities – Review previously found vulnerabilities to check if the fix is working.
11) Telephones – Check all telephone devices.
12) WiFi – Test WiFi network security.
13) HTTP Methods – Review HTTP methods. PUT and Delete methods should not be enabled on web server.
14) Passwords – Password should be at least 8 character long containing at least one number and one special character.
15) Usernames – Usernames should not be like “admin” or “administrator”.
16) Application Login Pages – Application logins pages should be locked upon few unsuccessful login attempts.
17) Error Messages – Error messages should be generic and not mention specific error details like “Invalid username” or “Invalid password”.
19) Special Characters – Verify if special characters, HTML tags and scripts are handled properly as an input value.
20) Internal System Details – Internal system details should not be revealed in any of the error or alert messages.
21) Custom Error Messages – Custom error messages should be displayed to end-users in case of web page crash.
22) Registry Entries – Review the use of registry entries. Sensitive information should not be kept in registry.
23) Scanning Files – All files must be scanned before uploading to server.
24) Sensitive Data – Sensitive data should not be passed in URL’s while communicating with different internal modules of the web application.
25) No Hard-Coded Usernames or Passwords – There should not be any hard-coded username or password in the system.
26) Input Fields – Check all input fields with long input strings – with and without spaces.
27) Password Functionality – Ensure reset password functionality is secure.
28) SQL Injection – Verify application for SQL Injection.
29) XSS – Verify application for Cross Site Scripting.
31) Input Validations – Important input validations should be done at server side instead of JavaScript checks at client side.
32) System Resources – Critical resources in the system should be available to authorized persons and services only.
33) Access Permissions – All access logs should be maintained with proper access permissions.
34) Ending Sessions – Check that user sessions end upon log off.
35) Directory Browsing – Verify that directory browsing is disabled on the server.
36) Up-to-Date Versions – Verify that all applications and database versions are up to date.
37) URL Manipulation – Review URL manipulation to make sure a web application is not showing any unwanted information.
38) Buffer Overflow – Check memory leak and buffer overflow.
39) Trojan Attacks – Verify if incoming network traffic is scanned to find Trojan attacks.
40) Brute Force Attacks – Check if systems are safe from Brute Force Attacks – use a trial and error method to find sensitive information like passwords.
41) DoS – Ensure the system or network is secured from DoS (denial-of-service) attacks.Attackers can target networks or a single computer with continuous requests. Resources on target systems get overloaded, resulting in denial of service for legit requests.
2) Proxy Servers – Check if network traffic is monitored by proxy appliances. Proxy servers make it difficult for hackers to get internal details of the network, thus protecting the system from external attacks.3) Spam Email Filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with built-in spam filters, which need to be configured per your needs. These configuration rules can be applied on email headers, subjects or bodies.4) Firewalls – Make sure an entire network or computers are protected with a firewall. A firewall can be a software or hardware to block unauthorized access to systems. Firewalls can prevent sending data outside the network without your permission.5) Exploits – Try to exploit all servers, desktop systems, printers and network devices.6) Verification – Verify that all usernames and passwords are encrypted and transferred over secured connections like HTTPs.7) Cookies – Verify information stored in website cookies. It should not be in readable format.8 ) Vulnerabilities – Review previously found vulnerabilities to check if the fix is working.
11) Telephones – Check all telephone devices.
12) WiFi – Test WiFi network security.
13) HTTP Methods – Review HTTP methods. PUT and Delete methods should not be enabled on web server.
14) Passwords – Password should be at least 8 character long containing at least one number and one special character.
15) Usernames – Usernames should not be like “admin” or “administrator”.
16) Application Login Pages – Application logins pages should be locked upon few unsuccessful login attempts.
17) Error Messages – Error messages should be generic and not mention specific error details like “Invalid username” or “Invalid password”.
19) Special Characters – Verify if special characters, HTML tags and scripts are handled properly as an input value.
20) Internal System Details – Internal system details should not be revealed in any of the error or alert messages.
21) Custom Error Messages – Custom error messages should be displayed to end-users in case of web page crash.
22) Registry Entries – Review the use of registry entries. Sensitive information should not be kept in registry.
23) Scanning Files – All files must be scanned before uploading to server.
24) Sensitive Data – Sensitive data should not be passed in URL’s while communicating with different internal modules of the web application.
25) No Hard-Coded Usernames or Passwords – There should not be any hard-coded username or password in the system.
26) Input Fields – Check all input fields with long input strings – with and without spaces.
27) Password Functionality – Ensure reset password functionality is secure.
28) SQL Injection – Verify application for SQL Injection.
29) XSS – Verify application for Cross Site Scripting.
31) Input Validations – Important input validations should be done at server side instead of JavaScript checks at client side.
32) System Resources – Critical resources in the system should be available to authorized persons and services only.
33) Access Permissions – All access logs should be maintained with proper access permissions.
34) Ending Sessions – Check that user sessions end upon log off.
35) Directory Browsing – Verify that directory browsing is disabled on the server.
36) Up-to-Date Versions – Verify that all applications and database versions are up to date.
37) URL Manipulation – Review URL manipulation to make sure a web application is not showing any unwanted information.
38) Buffer Overflow – Check memory leak and buffer overflow.
39) Trojan Attacks – Verify if incoming network traffic is scanned to find Trojan attacks.
40) Brute Force Attacks – Check if systems are safe from Brute Force Attacks – use a trial and error method to find sensitive information like passwords.
41) DoS – Ensure the system or network is secured from DoS (denial-of-service) attacks.Attackers can target networks or a single computer with continuous requests. Resources on target systems get overloaded, resulting in denial of service for legit requests.
9) Open Ports – Ensure there are no ports on a network.
This is a basic checklist to get started with pentesting. There are hundreds of advanced penetration methods, which can be done either manually or with the help of automation tools.
