top of page

Web Application Pentest/ Bug Bounty Checklist & Methodology

OK, so you want to start pentesting websites or doing bug bounties against web applications, but where do you start? This is the perfect blog just for you!

Please Keep In Mind

Before we go guns blazing into what a methodology of a pentest is and some of the tools you can use are, it's important to understand the legality behind what you're about to perform. Without explicit approval from the owner of that website or the website/ business you're about to do scans on being listed under one of the various bug bounty platforms (worth reading about scopes), you should absolutely not run any scans on their web application. I have to write this in here to cover myself unfortunately, just in case there's a sticky situation where someone says "DC SAID I COULD DO IT AND THAT MAKES IT LEGAL!"

Don't do it without authorization - it's that simple.

OK, lets get onto the fun stuff!

Operating System

Any operating system will do, honestly, but in my example I used WSL2 Ubuntu on a Windows 11 system. Is it perfect? No. Does it work? Yep! I'd recommend using something purpose driven though, like Kali Linux or Parrot or even Black Arch, for those of you who use arch btw.

Weirdly, running neofetch show's that I'm using windows 10, but I assure you, it's actually Windows 11.






Methodology & Checklist

Below are some checklist items I make sure to mark off when completing a web app pentest or undertaking any bug bounties. Keep in mind the tools to be used for each service really depend one the services you're pentesting against, as well as what's in scope (always stay in scope ladies and gents!).

  • [ ] Conduct search engine exploration for leakage of information

  • [ ] Retrieve and evaluate files on robot.txt

  • [ ] Review content of web page

  • [ ] Assess the software edition, database information, the technical error part, coding errors when requesting invalid pages.

  • [ ] Examine the configuration of network infrastructure

  • [ ] Analyze the sources code from the front end of the application accessing pages

  • [ ] Test retention of sensitive information by file extensions

  • [ ] Check CAPTCHA for presenting or not presenting authentication vulnerabilities.

  • [ ] Cloud storage test

  • [ ] Testing the manipulation of roles and privileges to access resources

  • [ ] Check cryptography and error handling

  • [ ] Test by checking Encryption for Exposed Session variables

  • [ ] Data validation testing

  • [ ] Conduct a Directory Traversal Attack to access and execute Restricted Directories commands from outside the root directories of the Web server

  • [ ] Use vulnerability scanning software such as HP web inspect, Evolve conduct vulnerability scanning to identify the network vulnerability and decide whether it is possible to exploit the device.

  • [ ] Conducting a MITM (Man-in-the-middle) attack by blocking communications between end-users and web servers to access confidential information.


So to wrap this little post up nicely, these tools, methodologies and technologies being used are mostly personal preference. I don't pretend to know everything, this is just how I do things, and I'm 99% sure there's better ways that suit your situations better that can be utilised, so say what I say here with a grain of salt and learn to hack all the things your way!

If you are interested in learning more about pentesting, cybersecurity or running an IT business, please get in touch with me to book in a one hour 1:1 session.

363 views0 comments

Recent Posts

See All
bottom of page