3 analyse the each page and its contest specially input field such as test all response for cookie and token related such as path attribute secure and httponly and server info and if any sensitive info (username, password,internal ip addr ess,) txtfield for sql if its searching and returning data from database or sa ving data to database txtfield for xss or page code for xss check whether csrf token is implemted or not for csrf