From 2ab136e12592386f2458673661710394f87245d8 Mon Sep 17 00:00:00 2001
From: "Raghupathi.A" <139057243+raghupathi321@users.noreply.github.com>
Date: Fri, 3 Jan 2025 22:13:12 +0000
Subject: [PATCH] more  checklist points added to HTML5 security Testing
 checklist

---
 README.md | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 15a5fb7..443d984 100644
--- a/README.md
+++ b/README.md
@@ -185,11 +185,24 @@
 - [ ] Test for Authentication and Authorization issues
 - [ ] Test for CSRF
 
+<h3 id="HTML">HTML5 Security Testing Checklist</h3>
+<ul>
+    <li><input type="checkbox"> Test Web Messaging (e.g., <code>window.postMessage</code>) for improper origin validation.</li>
+    <li><input type="checkbox"> Test for Web Storage SQL Injection (LocalStorage/SessionStorage exploitation).</li>
+    <li><input type="checkbox"> Check CORS (Cross-Origin Resource Sharing) implementation and misconfigurations.</li>
+    <li><input type="checkbox"> Check Offline Web Application for unauthorized data access when offline.</li>
+    <li><input type="checkbox"> Test for Insecure Use of WebSockets (origin validation, data integrity).</li>
+    <li><input type="checkbox"> Verify proper handling of <code>&lt;iframe&gt;</code> with sandboxing attributes.</li>
+    <li><input type="checkbox"> Test for improper use of the <code>&lt;video&gt;</code> and <code>&lt;audio&gt;</code> elements (e.g., file inclusion attacks).</li>
+    <li><input type="checkbox"> Verify secure usage of the <code>&lt;canvas&gt;</code> element to prevent data leakage.</li>
+    <li><input type="checkbox"> Test for vulnerabilities in IndexedDB and WebSQL (e.g., data persistence risks).</li>
+    <li><input type="checkbox"> Check for insecure use of the <code>Geolocation API</code> (consent handling).</li>
+    <li><input type="checkbox"> Validate secure use of the <code>Drag and Drop API</code> (data injection attacks).</li>
+    <li><input type="checkbox"> Test WebRTC for improper data exposure.</li>
+    <li><input type="checkbox"> Verify proper Content Security Policy (CSP) implementation.</li>
+    <li><input type="checkbox"> Check for insecure handling of <code>&lt;form&gt;</code> elements using <code>autocomplete</code>.</li>
+    <li><input type="checkbox"> Validate secure handling of Service Workers and Cache APIs.</li>
+</ul>
 
-### <a name="HTML">HTML 5</a>
-- [ ] Test Web Messaging
-- [ ] Test for Web Storage SQL injection
-- [ ] Check CORS implementation
-- [ ] Check Offline Web Application
 
 Source: [OWASP](https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet)