The purpose of this section, High-risk modules, is to list the functions that attackers are most likely to target, or whose compromise would have the largest security impact. The following table lists the main risks of some high-risk modules together with the corresponding testing approaches:
| Module or functions | Security risks | Testing approaches |
| --- | --- | --- |
| Authentication | Accounts compromised; brute-force attacks. | Brute-force account attacks; password attacks. |
| Administration management | Privilege escalation. | The same function tested with different roles. List of admin URLs to be tested with operator or guest accounts. File ACL check. |
| File upload | Malicious license files uploaded, or file injection attacks. | Illegal file type, size, name, and ... |
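As an added illustration of the file upload row (not code from the original text), the following validator applies the three checks the table names, file type, size and name, to a constructed upload; the size limit, the allowed-type list and the magic-byte prefixes are assumptions chosen for the example.

```python
import re
from pathlib import PurePosixPath
from typing import List

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed size limit for license files

# Assumed allow-list: extension -> magic bytes the content must start with.
# Checking the content, not just the extension, catches a renamed executable.
ALLOWED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
}

# A single path component: alphanumerics, dot, underscore and dash; no leading dot.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def validate_upload(filename: str, content: bytes) -> List[str]:
    """Return the list of rejection reasons; an empty list means the upload is accepted."""
    problems = []

    # Name check: keep only the final path component, so "../../etc/passwd"
    # or "..\\boot.ini" cannot escape the upload directory.
    base = PurePosixPath(filename.replace("\\", "/")).name
    if base != filename or not SAFE_NAME.match(base):
        problems.append("illegal file name")

    # Size check: reject empty and oversized payloads before any parsing happens.
    if len(content) == 0 or len(content) > MAX_UPLOAD_BYTES:
        problems.append("illegal file size")

    # Type check: the extension must be allow-listed AND the bytes must match it.
    ext = PurePosixPath(base).suffix.lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        problems.append("illegal file type (extension)")
    elif not content.startswith(magic):
        problems.append("illegal file type (content does not match extension)")

    return problems


if __name__ == "__main__":
    # Constructed sample uploads, as a tester would submit them against the module.
    print(validate_upload("license.pdf", b"%PDF-1.7 sample"))  # accepted: []
    print(validate_upload("../../etc/passwd", b"%PDF-1.7"))     # illegal name and type
    print(validate_upload("renamed.pdf", b"MZ\x90\x00"))        # content/extension mismatch
```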