Web App Testing Methodology

Is it talking to a DB?

  • Is there parameter passing? - if yes…

  • Insert a single quote

Can I or someone else see what I type?

    • Is there a forum, blog, guestbook, contact us page, feedback form, instant messenger? - if yes…

    • Insert <script>alert('xss')</script

Does it reference a file?

    • Is it talking about a file on the local file system - if yes…

    • Insert ../../../../../../etc/passwd, ../../../../../../etc/passwd%00

    • ../../../../../../windows/win.ini, ../../../../../../windows/win.ini%00

PreviousInsomniaNextTest for command injection

Last updated