The Web Application Hacker's Handbook

Web Application Hacker's Handbook Task Checklist

Last updated 4 years ago

Based on the original Web Application Hacker's Handbook, this project was revamped as a free online training site at https://portswigger.net/web-security. The author of the original books worked in conjunction with PortSwigger to create the Web Security Academy. The checklist below is meant as a methodology to complement their training.

Task Checklist

Recon and analysis

Test handling of Identity and Access Management (IAM)

Test handling of input

Test application logic

Assess application hosting

Miscellaneous tests

References

https://portswigger.net/web-security
https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab

If you like this content and would like to see more, please consider buying me a coffee!