👨‍💻 Web-App-bug-Check-List

Common Bugs from Low to Critical Level

• Clickjacking
• Auto complete enabled
• Concurrent logins
• Rememebr me feature flaw
• Robots.txt & robots.txt with logs
• No account lockout
• Weak password policy
• Insecure password storage
• Missing 2FA
• Information disclosure through comments
• Session ID not changed on sigin/signout
• Weak session length
• Weak session exipry
• Weak session randomness
• Session ID can be Preset
• Version disclosure in headers & response
• Cleartext Transmission of Sensitive Data
• Insecure Direct Object References (IDOR)
• Cache Poisoning
• Race Condition
• SSL Attack (BREACH, POODLE etc.)
• Path Traversal
• Captcha Bypass
• Weak 2FA Implementation[Old 2FA Code is Not Invalidated After New Code is Generated]
• Weak 2FA Implementation[2FA Code is Not Updated After New Code is Requested]
• Weak Registration Implementation[Allows Disposable Email Addresses]
• Weak Password Reset Implementation[Token is Not Invalidated After Email Change]
• Weak Password Reset Implementation[Token is Not Invalidated After Password Change]
• Weak Password Reset Implementation[Token Has Long Timed Expiry]
• Weak Password Reset Implementation[Token is Not Invalidated After New Token is Requested]
• Weak Password Reset Implementation[Token is Not Invalidated After Login]
• Open Redirect [Flash-Based]
• Open Redirect [Header-Based]
• Open Redirect [POST-Based]
• Open Redirect [GET-Based]
• Sensitive Data Hardcoded [File Paths]
• Sensitive Data Hardcoded [OAuth Secret]
• Sensitive Token in URL On Password Reset
• Sensitive Token in URL In the Background
• Lack of Security Headers
• Missing Secure or HTTPOnly Cookie Flag [Non-Session Cookie]
• Unsafe File Upload File Extension [Filter Bypass]
• Unsafe File Upload [No Size Limit]
• Unsafe File Upload [No malware check on files]
• No Rate Limiting on Forms [Lgin ,password reset,Delete Account,etc]
• Unnecessary Data Collection [WiFi SSID+Password]
• Executable Download [No Secure Integrity Check]
• Sensitive Application Data Stored Unencrypted On External Storage
• Server-Side Credentials Storage [Plaintext]
• Sensitive Data Exposure Via localStorage/sessionStorage Sensitive Token
• Sensitive Data Exposure [Weak Password Reset Implementation Password Reset Token Sent Over HTTP]
• Sensitive Data Exposure [Sensitive Token in URL User Facing]
• Sensitive Data Exposure [Token Leakage via Referer Over HTTP]
• Sensitive Data Exposure [EXIF Geolocation Data Not Stripped From Uploaded Images]
• Failure to Invalidate Session [On Password Reset and/or Change]
• Failure to Invalidate Session [On Logout (Client and Server-Side)]
• Cleartext Transmission of Session Token
• Email HTML Injection
• External Authentication Injection
• Web Application Firewall (WAF) Bypass [Direct Server Access]
• OAuth Misconfiguration [Account Squatting]
• Mail Server Misconfiguration [ Missing or Misconfigured DMARC on Email Domian]
• Misconfigured DNS [Zone Transfer]
• Application-Level Denial-of-Service (DoS)
• Second Factor Authentication (2FA) Bypass
• Content Spoofing-iframe Injection
• HTTP Response Manipulation [Response Splitting (CRLF)]
• Misconfigured DNS [Basic Subdomain Takeover]
• Hardcoded Password [Non-Privileged User]
• Hardcoded Password [Privileged User]
• Cross-Site Scripting (XSS) All types
• Cross-Site Request Forgery (CSRF) All types
• Broken Cryptography [Incorrect Usage]
• Command Injection
• XML External Entity Injection (XXE)
• SQL Injection
• Remote Code Execution (RCE)
• Local File inclusion LFI
• Remote file inclusion RFI