Share
## https://sploitus.com/exploit?id=33F44B63-249B-5836-A276-78DA9E5A7250
# Web Application Penetration Testing (WAPT) Simulation

This repository contains a simulated web application penetration test
performed against a deliberately vulnerable banking application.

The assessment identified **23 security vulnerabilities** across multiple
security domains including authentication, authorization, injection,
session management, and security misconfiguration.

## Assessment Scope

Target: BankWeb Application  
Environment: Local test environment  
Methodology: OWASP Testing Guide

## Key Findings

• SQL Injection  
• Stored and Reflected XSS  
• Insecure Direct Object References (IDOR)  
• Horizontal and Vertical Privilege Escalation  
• Insecure Session Management  
• CSRF  
• Weak Authentication Controls  
• Missing Security Headers

Each finding includes:

- Vulnerability summary
- Steps to reproduce
- Proof of concept
- Impact analysis
- Recommended mitigations