Hacking Methodology Self-Explanatory
- autogen pass predictable
- bruteforce resistance
- insecure protocol
- insecure storage
- insufficient session expiration
- missing HSTS
- password quality
- unsafe distribution
- unsafe transmission
- username enumeration
- username uniqueness
- CSP
- directory listing
- mixed content over HTTPS
- inline scripts/CSS
- lack of resources
- rate limiting
- slowloris (keep-alive)
- form
- dangling
- credentials in source code
- metadata
- private data disclosure
- wildcard credentials
- priv bypass
- priv escalation
- race condition
- Stored
- Reflected
- DOM
- clear credentials in browser
- clear credentials in memory