- Bypassing client-side controls
- Attacking authentication
- Attacking session management
- Testing access controls
- Testing for injection vulnerabilities
- Finding cross-site scripting vulnerabilities (XSS)
- Testing for cross-site request forgery (CSRF)
- Testing for insecure direct object references
- Finding security misconfiguration issues
- Testing for sensitive data exposure
- Finding open redirection vulnerabilities

There is also a guide to using Burp Suite to find all of the OWASP Top Ten vulnerabilities.

We will be adding many more methodology articles over the coming months to cover more testing areas and go into more detail on the above topics. If there is a particular subject that you would like to see covered, please let us know.