Penetration Test Guide based on the OWASP + Extra

This guide is for penetration testers looking for the appropriate test cases to run during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view into 9 Test Classes, each with several Test Cases to conduct against the target. Each Test Case covers several OWASP tests, which is also useful for the report document. I’ve also added 15 extra Test Cases, marked with EXTRA-TEST. I hope it will be useful in both penetration test projects and bug bounties.

  • Code-Injection

  • Command-Injection

  • Cross-Origin-Resource-Sharing

  • Cross-Site-Scripting

  • Directory-Traversal-File-Include

  • Hidden-and-Sensitive-Files-or-Directories

  • Insecure-Authentication-Class

  • Insecure-Direct-Object-References

  • JSON-Web-Token-Flaw

  • Server-Side-Request-Forgery

  • Server-Side-Template-Injection

  • Two-Factor-Authentication-Bypass

  • XML-External-Entity