Web Application Penetration testing Checklist

Small scope Medium scope Large scope Network Preparation Registration Authentication Session Profile/Account details Forgot/reset password Input handling Error handling Application Logic Other checksInfrastructure CAPTCHA Security Headers