23 changes: 18 additions & 5 deletions README.md
Expand Up @@ -185,11 +185,24 @@
- [ ] Test for Authentication and Authorization issues
- [ ] Test for CSRF

<h3 id="HTML">HTML5 Security Testing Checklist</h3>
<ul>
<li><input type="checkbox"> Test Web Messaging (e.g., <code>window.postMessage</code>) for improper origin validation.</li>
<li><input type="checkbox"> Test for Web Storage SQL Injection (LocalStorage/SessionStorage exploitation).</li>
<li><input type="checkbox"> Check CORS (Cross-Origin Resource Sharing) implementation and misconfigurations.</li>
<li><input type="checkbox"> Check Offline Web Application for unauthorized data access when offline.</li>
<li><input type="checkbox"> Test for Insecure Use of WebSockets (origin validation, data integrity).</li>
<li><input type="checkbox"> Verify proper handling of <code>&lt;iframe&gt;</code> with sandboxing attributes.</li>
<li><input type="checkbox"> Test for improper use of the <code>&lt;video&gt;</code> and <code>&lt;audio&gt;</code> elements (e.g., file inclusion attacks).</li>
<li><input type="checkbox"> Verify secure usage of the <code>&lt;canvas&gt;</code> element to prevent data leakage.</li>
<li><input type="checkbox"> Test for vulnerabilities in IndexedDB and WebSQL (e.g., data persistence risks).</li>
<li><input type="checkbox"> Check for insecure use of the <code>Geolocation API</code> (consent handling).</li>
<li><input type="checkbox"> Validate secure use of the <code>Drag and Drop API</code> (data injection attacks).</li>
<li><input type="checkbox"> Test WebRTC for improper data exposure.</li>
<li><input type="checkbox"> Verify proper Content Security Policy (CSP) implementation.</li>
<li><input type="checkbox"> Check for insecure handling of <code>&lt;form&gt;</code> elements using <code>autocomplete</code>.</li>
<li><input type="checkbox"> Validate secure handling of Service Workers and Cache APIs.</li>
</ul>

### <a name="HTML">HTML 5</a>
- [ ] Test Web Messaging
- [ ] Test for Web Storage SQL injection
- [ ] Check CORS implementation
- [ ] Check Offline Web Application

Source: [OWASP](https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet)
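Review bot: the replacement section switches from the README's Markdown conventions to raw HTML, which is inconsistent with the rest of the file and loses the native task-list rendering. Everywhere else the checklist uses `### <a name="...">` headings and `- [ ]` items (see the retained `- [ ] Test for Authentication and Authorization issues` and the deleted `### <a name="HTML">HTML 5</a>` block), whereas the new block uses `<h3 id="HTML">` and `<ul><li><input type="checkbox">`. Suggest keeping the expanded content but expressing it in the existing style, e.g. `### <a name="HTML">HTML5 Security Testing Checklist</a>` followed by `- [ ] Test Web Messaging (e.g., window.postMessage) for improper origin validation.`, so the new anchor matches the other `<a name>` anchors and the items remain GitHub task-list checkboxes. Minor: "Test for Web Storage SQL Injection (LocalStorage/SessionStorage exploitation)" carries over the old wording, but LocalStorage/SessionStorage are key/value stores; SQL injection applies to WebSQL, which is already covered by the separate "IndexedDB and WebSQL" item, so consider rewording this item to what is actually tested (e.g. untrusted data read back from Web Storage and used unsafely).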