= Information gathering =

== Software / Frameworks / ... ==

Web server, frameworks, CMS... && version
- Headers
- Application errors

== SSL ==

Certificate validity
- Expiration
- Trusted CA (and chain)
- Weak signatures

Cipher strength

Cipher suites supported

Vulnerabilities
- Poodle
- HeartBleed
- Freak
- ...

== Other ==

Detect WAFs (Ex.: wafw00f)

= Enumeration / Active discovery =

Bruteforce (dirgo, dirb)

= Testing =

== Session ==

Session fixation
Forced browsing
Concurrent logins
CSRF
Cookies:
- Secure
- HttpOnly
- Path
- Domain
- Expires

== Authorization ==

Perform privileged actions within an unprivileged session
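A checker for the cookie attributes listed under Session (Secure, HttpOnly, Path, Domain, Expires), added here as an example and not part of the original checklist; the Set-Cookie values it inspects are constructed, and only the Python standard library is used.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie values (not captured from any real server):
# a hardened session cookie and a cookie missing the flags on the checklist.
SAMPLE_SET_COOKIE_HEADERS = [
    "SESSIONID=abc123; Path=/; Domain=app.example.com; Secure; HttpOnly; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "prefs=dark; Path=/app",
]


def audit_set_cookie(header_value):
    """Parse one Set-Cookie value and check Secure, HttpOnly, Path, Domain
    and Expires; returns {cookie_name: {attributes..., "findings": [...]}}."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, morsel in jar.items():
        findings = []
        # Flag attributes come back as True when present and '' when absent.
        if not morsel["secure"]:
            findings.append("missing Secure: also sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append("missing HttpOnly: readable by page scripts")
        # Per RFC 6265 a Domain attribute widens scope to every subdomain;
        # without it the cookie is only returned to the issuing host.
        if morsel["domain"]:
            findings.append("Domain set: also sent to all subdomains of "
                            + morsel["domain"].lstrip("."))
        report[name] = {
            "secure": bool(morsel["secure"]),
            "httponly": bool(morsel["httponly"]),
            # '' means the browser derives the default path from the request URL
            "path": morsel["path"],
            "domain": morsel["domain"],
            # '' means a session cookie, discarded when the browser closes
            "expires": morsel["expires"] or morsel["max-age"],
            "findings": findings,
        }
    return report


def audit_all(header_values):
    """Audit several Set-Cookie headers and merge the per-cookie reports."""
    merged = {}
    for value in header_values:
        merged.update(audit_set_cookie(value))
    return merged
```

Feed it the Set-Cookie headers captured from a response (one string per header) and review each cookie's findings list; an empty list means all three checks passed for that cookie.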