Are you running an offensive pentest against a Lua web application?
Q. What is Lua?
A. "Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.
Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode with a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping." - Lua.org
The following checklist is a simplified visual alternative to the original document, Lua Web Application Security Vulnerabilities, published in 2014 by Felipe Daragon. We supplement it with a couple of other resources shared at the end of this post.
An updated list containing lesser-known attack vectors will be disclosed in a later version of this checklist.
Other Security Considerations
LUA PENTEST CHECK LIST MINDMAP - INSANE QUALITY IMAGE
[*] No high quality picture this time. This is all we know.
LUA PENTEST CHECK LIST MINDMAP - CHERRY TREE IMPORTABLE VERSION
[*] Come back later.
ACKNOWLEDGEMENTS | REFERENCES | RESOURCES