Web Application Penetration Testing Checklist

Chenny Ren
Sep 18, 2020

A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Based on the OWASP security testing methodology, the set of active tests has been split into 11 sub-categories for a total of 91 controls.

Here, I’ve created a detailed list for security professionals to use when doing web app pentesting work.

The Excel sheet is on my GitHub repo:

https://github.com/chennylmf/OWASP-Web-App-Pentesting-checklists

Reference: OWASP Security Testing Methodology https://wiki.owasp.org/index.php/Testing:_Introduction_and_objectives

https://github.com/OWASP/wstg/tree/master/document

Chenny Ren

OSCP | OSWP | OSEP | CRTP | CRTE | CRTO | Red Team Professional | SOC engineer