Access Control

Check Company security policies in place. Check if there is regular monitoring of all aspects of security. Regularly scheduled security testing. Check for encryption enabled wherever required. Reconnaissance Threat Modeling Vulnerability Analysis Exploitation For database check for Default accounts and passwords Easily guessed passwords Missing Patches Mis configurations Excessive Privileges/Parameters