Documente Academic
Documente Profesional
Documente Cultură
Application Penetration Testing
Încărcat de
msyukorDrepturi de autor
Formate disponibile
Partajați acest document
Partajați sau inserați document
Vi se pare util acest document?
Este necorespunzător acest conținut?
Raportați acest documentDrepturi de autor:
Formate disponibile
Application Penetration Testing
Încărcat de
msyukorDrepturi de autor:
Formate disponibile
EC-Council Licensed Penetration Tester
Test: Application Penetration Testing
Penetration Tester: ____________________________
Organization: ________________________________
Date: _______________Location: ________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 1: Fingerprinting the Web Application Environment
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 2: Investigate the Output from HEAD and OPTIONS Http Requests
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 3: Investigate the Format and Wording of 404/Other Error Pages
Website URL:
_____________________________________________________________________
Error message:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Error message:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Error message:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 4: Test for Recognized File Types/Extensions/Directories
Website URL:
_____________________________________________________________________
Recognized common file types/extensions/directories:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 5: Examine Source of Available Pages
Website URL:
_____________________________________________________________________
Source code of the page:
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 6: Manipulate Inputs in Order to Elicit a Scripting Error
Website URL:
_____________________________________________________________________
Manipulated input:
_____________________________________________________________________
Scripting error message:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 7: Test Inner Working of a Web Application
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 8: Test Database Connectivity
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
Template APT/28
EC-Council
Licensed Penetration Tester
Test 9: Test the Application Code
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
10
Template APT/28
EC-Council
Licensed Penetration Tester
Test 10: Test the Use of GET and POST in Web Application
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
11
Template APT/28
EC-Council
Licensed Penetration Tester
Test 11: Test for Parameter-Tampering Attacks on Website
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
12
Template APT/28
EC-Council
Licensed Penetration Tester
Test 12: Test for URL Manipulation
Website URL:
_____________________________________________________________________
Modified URL:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
13
Template APT/28
EC-Council
Licensed Penetration Tester
Test 13: Test for Cross Site Scripting
Website URL:
_____________________________________________________________________
Tool used:
Paros proxy
Fiddler
Burp proxy
TamperIE
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
14
Template APT/28
EC-Council
Licensed Penetration Tester
Test 14: Test for Hidden Fields
Website URL:
_____________________________________________________________________
Hidden fields discovered:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
15
Template APT/28
EC-Council
Licensed Penetration Tester
Test 15: Test for Cookie Attacks
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
16
Template APT/28
EC-Council
Licensed Penetration Tester
Test 16: Test for Buffer Overflows
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
17
Template APT/28
EC-Council
Licensed Penetration Tester
Test 17: Test for Bad Data
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
18
Template APT/28
EC-Council
Licensed Penetration Tester
Test 18: Test Client-Side Scripting
Website URL:
_____________________________________________________________________
Injected code:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
19
Template APT/28
EC-Council
Licensed Penetration Tester
Test 19: Test for Known Vulnerabilities
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
20
Template APT/28
EC-Council
Licensed Penetration Tester
Test 20: Test for Race Conditions
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
21
Template APT/28
EC-Council
Licensed Penetration Tester
Test 21: Test with User Protection via Browser Settings
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
22
Template APT/28
EC-Council
Licensed Penetration Tester
Test 22: Test for Command Execution Vulnerability
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
23
Template APT/28
EC-Council
Licensed Penetration Tester
Test 23: Test for SQL Injection Attacks
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
24
Template APT/28
EC-Council
Licensed Penetration Tester
Test 24: Test for Blind SQL Injection
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
25
Template APT/28
EC-Council
Licensed Penetration Tester
Test 25: Test for Session Fixation Attack
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
26
Template APT/28
EC-Council
Licensed Penetration Tester
Test 26: Test for Session Hijacking
Target users IP addresses:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Decommissioning of the host (DoS) is done: Yes [ ] No [ ]
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
27
Template APT/28
EC-Council
Licensed Penetration Tester
Test 27: Test for XPath Injection Attack
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
28
Template APT/28
EC-Council
Licensed Penetration Tester
Test 28: Test for Server Side Include Injection Attack
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
29
Template APT/28
EC-Council
Licensed Penetration Tester
Test 29: Test for Logic Flaws
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
30
Template APT/28
EC-Council
Licensed Penetration Tester
Test 30: Test for Binary Attacks
Website URL:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
31
Template APT/28
EC-Council
Licensed Penetration Tester
Test 31: Test for XML Structural
Website URL:
_____________________________________________________________________
Malformed XML message:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Parameter validated:
Enumeration
fractionDigits
Length
maxExclusive
maxInclusive
maxLength
minExclusive
minInclusive
minLength
Pattern
totalDigits
whiteSpace
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
32
Template APT/28
EC-Council
Licensed Penetration Tester
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
33
Template APT/28
EC-Council
Licensed Penetration Tester
Test 32: Test for XML Content-level
Website URL:
_____________________________________________________________________
Tool used:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Modified parameters:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
34
Template APT/28
EC-Council
Licensed Penetration Tester
Test 33: Test for WS HTTP GET Parameters/REST Attacks
Website URL:
_____________________________________________________________________
HTTP GET query strings tested:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Validate parameters:
Maximum length and minimum length
Validate payload
Implement exact match", "known good" and "known bad" in order
Validate parameter names and existence
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
35
Template APT/28
EC-Council
Licensed Penetration Tester
Test 34: Test for Malicious SOAP Attachments
Host servers URL:
_____________________________________________________________________
Web Service Definition Language (WSDL) that accepts attachment:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
36
Template APT/28
EC-Council
Licensed Penetration Tester
Test 35: Test for WS Replay
Proxy tool used for WS Replay:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Sniffer used to capture traffic:
_____________________________________________________________________
Host server address:
_____________________________________________________________________
Test Results:
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Confidential
37
Template APT/28
S-ar putea să vă placă și
- The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeDe la EverandThe Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeEvaluare: 4 din 5 stele4/5 (5794)
- The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreDe la EverandThe Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreEvaluare: 4 din 5 stele4/5 (1090)
- Never Split the Difference: Negotiating As If Your Life Depended On ItDe la EverandNever Split the Difference: Negotiating As If Your Life Depended On ItEvaluare: 4.5 din 5 stele4.5/5 (838)
- Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceDe la EverandHidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceEvaluare: 4 din 5 stele4/5 (895)
- Grit: The Power of Passion and PerseveranceDe la EverandGrit: The Power of Passion and PerseveranceEvaluare: 4 din 5 stele4/5 (588)
- Shoe Dog: A Memoir by the Creator of NikeDe la EverandShoe Dog: A Memoir by the Creator of NikeEvaluare: 4.5 din 5 stele4.5/5 (537)
- The Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersDe la EverandThe Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersEvaluare: 4.5 din 5 stele4.5/5 (345)
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureDe la EverandElon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureEvaluare: 4.5 din 5 stele4.5/5 (474)
- Her Body and Other Parties: StoriesDe la EverandHer Body and Other Parties: StoriesEvaluare: 4 din 5 stele4/5 (821)
- The Emperor of All Maladies: A Biography of CancerDe la EverandThe Emperor of All Maladies: A Biography of CancerEvaluare: 4.5 din 5 stele4.5/5 (271)
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)De la EverandThe Sympathizer: A Novel (Pulitzer Prize for Fiction)Evaluare: 4.5 din 5 stele4.5/5 (121)
- The Little Book of Hygge: Danish Secrets to Happy LivingDe la EverandThe Little Book of Hygge: Danish Secrets to Happy LivingEvaluare: 3.5 din 5 stele3.5/5 (400)
- The World Is Flat 3.0: A Brief History of the Twenty-first CenturyDe la EverandThe World Is Flat 3.0: A Brief History of the Twenty-first CenturyEvaluare: 3.5 din 5 stele3.5/5 (2259)
- The Yellow House: A Memoir (2019 National Book Award Winner)De la EverandThe Yellow House: A Memoir (2019 National Book Award Winner)Evaluare: 4 din 5 stele4/5 (98)
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaDe la EverandDevil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaEvaluare: 4.5 din 5 stele4.5/5 (266)
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryDe la EverandA Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryEvaluare: 3.5 din 5 stele3.5/5 (231)
- Team of Rivals: The Political Genius of Abraham LincolnDe la EverandTeam of Rivals: The Political Genius of Abraham LincolnEvaluare: 4.5 din 5 stele4.5/5 (234)
- On Fire: The (Burning) Case for a Green New DealDe la EverandOn Fire: The (Burning) Case for a Green New DealEvaluare: 4 din 5 stele4/5 (74)
- The Unwinding: An Inner History of the New AmericaDe la EverandThe Unwinding: An Inner History of the New AmericaEvaluare: 4 din 5 stele4/5 (45)
- TURNITIN Student GuideDocument10 paginiTURNITIN Student Guidemardak2953Încă nu există evaluări
- FloCon 21 - GHOSTS in The MachineDocument31 paginiFloCon 21 - GHOSTS in The MachinegreycompanionÎncă nu există evaluări
- THE A4 Department: Powerful All-RoundersDocument2 paginiTHE A4 Department: Powerful All-RoundersabhaykatÎncă nu există evaluări
- NSA 2009 FOIA LogDocument93 paginiNSA 2009 FOIA LogRobÎncă nu există evaluări
- Compusoft, 3 (6), 879-883 PDFDocument5 paginiCompusoft, 3 (6), 879-883 PDFIjact EditorÎncă nu există evaluări
- New Rules of Measurement 2 DecDocument2 paginiNew Rules of Measurement 2 DecKrish DoodnauthÎncă nu există evaluări
- Operating System and Computer Security (Short - Note)Document3 paginiOperating System and Computer Security (Short - Note)Pathum TharakaÎncă nu există evaluări
- Mu Iso 04 GBDocument8 paginiMu Iso 04 GBjoepdekker1100% (1)
- Cyber Security Basics: International Master's Programme (M. SC.)Document1 paginăCyber Security Basics: International Master's Programme (M. SC.)sadyaakterÎncă nu există evaluări
- Generate Certificate Chains For Testing Java Applications PDFDocument11 paginiGenerate Certificate Chains For Testing Java Applications PDF420sree5705Încă nu există evaluări
- Oracle E-Business Suite Controls Application Security Best Practices TOCDocument5 paginiOracle E-Business Suite Controls Application Security Best Practices TOCGreg LusinskiÎncă nu există evaluări
- How To Crack Programs Yourself With Offset Comparison ToolDocument4 paginiHow To Crack Programs Yourself With Offset Comparison Toollindi_1985100% (1)
- Resumen Normas en TablaDocument1 paginăResumen Normas en TablaAne Mi KosteñlÎncă nu există evaluări
- City Ruling On FOIP Request For Valley Line LRTDocument2 paginiCity Ruling On FOIP Request For Valley Line LRTElise StolteÎncă nu există evaluări
- UGCNETDEC AdmitCardDocument1 paginăUGCNETDEC AdmitCardsurabhi netÎncă nu există evaluări
- New Text DocumentDocument12 paginiNew Text DocumentNguyễn HùngÎncă nu există evaluări
- Curso Mantenimiento HyPET HPP4Document230 paginiCurso Mantenimiento HyPET HPP4FabianQuitianÎncă nu există evaluări
- WP Bypassing CaptchasDocument12 paginiWP Bypassing CaptchasJosue AguilarÎncă nu există evaluări
- Hungary Visit VisaDocument1 paginăHungary Visit VisawesamÎncă nu există evaluări
- NURS FPX 6214 Assessment 1 Technology Needs AssessmentDocument6 paginiNURS FPX 6214 Assessment 1 Technology Needs Assessmentfarwaamjad771Încă nu există evaluări
- Cji 3Document1 paginăCji 3Sadanand NayakÎncă nu există evaluări
- Auditing E-Business: New Challenges For External Auditors: Dr. Ahmad A. Abu-Musa, Tanta University, EgyptDocument15 paginiAuditing E-Business: New Challenges For External Auditors: Dr. Ahmad A. Abu-Musa, Tanta University, EgyptzatazaininaÎncă nu există evaluări
- Tutorial Ping Link IP RTNDocument14 paginiTutorial Ping Link IP RTNPaulo DembiÎncă nu există evaluări
- GDPR - Security Ibm Security Services Se Research Report Sel03130usen 20170825 - Dec17Document27 paginiGDPR - Security Ibm Security Services Se Research Report Sel03130usen 20170825 - Dec17Peter ZalarÎncă nu există evaluări
- Tender NoticeDocument3 paginiTender NoticeSahil TeeluckdharryÎncă nu există evaluări
- Isca NotesDocument159 paginiIsca Notesaramsiva100% (2)
- Network TunnelingDocument7 paginiNetwork Tunnelingatishay811Încă nu există evaluări
- Letter of Intimation - STUDENT SECTIONDocument1 paginăLetter of Intimation - STUDENT SECTIONSAHIL CYBER CAFE4Încă nu există evaluări
- Data Traffic Unbalancing Among U2100 U900 Carriers Due To Activating The Dual Carrier FeatureDocument8 paginiData Traffic Unbalancing Among U2100 U900 Carriers Due To Activating The Dual Carrier Featurevictor kudidissaÎncă nu există evaluări
- End of Life Cisco SwitchDocument2 paginiEnd of Life Cisco SwitchGustavo Marcelo Medina NarbonaÎncă nu există evaluări
