A great article that can be used as a checklist for performing web application penetration testing (webapp pentesting).
Pentesting a webapp requires a consistent methodology for repeatable tasks such as authentication and authorization checking, input validation checking, session management testing, etc.
Here's a detailed cheat sheet for webapp pentesting methodology:
- Information Gathering
- Authentication Testing
- Authorization Testing
- Configuration Management Testing
- Session Management Testing
- Data Validation Testing
- Denial of Service Testing
Links: