Manual Testing Guide

Methodologies and checklists for manual vulnerability assessment.

Checklist

Test for default credentials

Test for weak password policy

Test username enumeration

Methodology

1. Identify all login portals (Admin, User, API).

2. Attempt to bypass login prompts (SQLi, direct browsing).

3. Check for lack of rate limiting on login forms.

Common Payloads

admin' --

admin' #

admin' OR 1=1 --

Session Notes