OWASP - User contributions [en]

Columbia

2019-04-05T14:18:36Z

Frank.catucci:

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - Thursday March 28th 2019 - Register Now ->''' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-59027002353

'''TOPIC: "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS'''

As usual the cost is absolutely nothing! There will also be some hacker trivia with a few giveaways!

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>

'''Presentation from March 28th 2019 on "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS" -->''' [https://drive.google.com/file/d/1LOMRKgFf9mvKHwVQjZKej70XEhU7-sVe/view?usp=sharing Cover Your XSS: Attacks in Appland - Exploring the World of XSS]

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2019-04-05T14:14:21Z

Frank.catucci:

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - Thursday March 28th 2019 - Register Now ->''' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-59027002353

'''TOPIC: "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS'''

As usual the cost is absolutely nothing! There will also be some hacker trivia with a few giveaways!

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>
[[File:Covering XSS Attacks - OWASP-Columbia-Spring-Meetup.pdf.png|thumb]]
'''Presentation from March 28th 2019 on "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS" --------------------------------------------------------------------------------->'''

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2019-04-05T14:11:43Z

Frank.catucci:

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - Thursday March 28th 2019 - Register Now ->''' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-59027002353

'''TOPIC: "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS'''

As usual the cost is absolutely nothing! There will also be some hacker trivia with a few giveaways!

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>
[[File:Covering XSS Attacks - OWASP-Columbia-Spring-Meetup.pdf.png|thumb]]
'''Presentation from March 28th 2019 on "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS" ---------------------------------------------------------------------------------->'''

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

File:Covering XSS Attacks - OWASP-Columbia-Spring-Meetup.pdf.png

2019-04-05T14:10:51Z

Frank.catucci:

Covering XSS Attacks - OWASP-Columbia-Spring-Meetup.pdf

File:Covering XSS Attacks - OWASP-Columbia-Spring-Meetup.pdf

2019-04-05T14:07:41Z

Frank.catucci:

March 28th 2019 - Covering XSS Attacks

Columbia

2019-03-19T16:53:29Z

Frank.catucci:

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - Thursday March 28th 2019 - Register Now ->''' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-59027002353

'''TOPIC: "Cover Your XSS: Attacks in Appland" - Exploring the World of XSS'''

As usual the cost is absolutely nothing! There will also be some hacker trivia with a few giveaways!

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>

Link to presentation from August 31st Meeting on "Recon - Seek and Destroy" is located here -> [http://bit.ly/2wVJkTd Recon - Seek and Destroy]

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2018-12-10T21:47:52Z

Frank.catucci: meeting info

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - WEDNESDAY DECEMBER 19th 2018 - Register Now ->''' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-53550669494

'''TOPIC: OWASP Meet and Greet and Hacker/AppSec Jeopardy!'''

As usual the cost is absolutely nothing! There will also be some hacker trivia with a few giveaways!

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>

Link to presentation from August 31st Meeting on "Recon - Seek and Destroy" is located here -> [http://bit.ly/2wVJkTd Recon - Seek and Destroy]

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2018-05-22T16:05:17Z

Frank.catucci:

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - THURSDAY June 7th 2018 - Register Now ->''' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-46323138755

'''TOPIC: XXE - XML External Entity Processing'''

Abstract: Frank Catucci will be delivering an introduction and overview of XXE including the how and why it got into the all new OWASP Top 10. XXE exploitation and prevention methods will also be discussed. Q&A is welcome.

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>

Link to presentation from August 31st Meeting on "Recon - Seek and Destroy" is located here -> [http://bit.ly/2wVJkTd Recon - Seek and Destroy]

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2018-05-18T19:12:35Z

Frank.catucci: Meeting info

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - THURSDAY June 7th 2018 - Register Now -> Eventbrite link to register coming soon!'''

'''TOPIC: XXE - XML External Entity Processing'''

Abstract: Frank Catucci will be delivering an introduction and overview of XXE including the how and why it got into the all new OWASP Top 10. XXE exploitation and prevention methods will also be discussed. Q&A is welcome.

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>

Link to presentation from August 31st Meeting on "Recon - Seek and Destroy" is located here -> [http://bit.ly/2wVJkTd Recon - Seek and Destroy]

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2017-11-30T14:42:22Z

Frank.catucci: /* Local News */

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==
'''NEXT MEETING - THURSDAY DECEMBER 7th 2017 - Register Now -> https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-40902614822'''

'''Firetalk Format - 1.) Hashing vs. Encryption for Passwords, 2.) AppInventory/AppDiscovery in the SDLC, and 3.) Abusing SSI'''

<nowiki>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</nowiki>

Link to presentation from August 31st Meeting on "Recon - Seek and Destroy" is located here -> [http://bit.ly/2wVJkTd Recon - Seek and Destroy]

PDF from SQLi meeting from October meeting is located here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing SQLi Presentation]

Everyone is always welcome to join us at our chapter meetings.

Link to OWASP Vulnerable Web Applications Directory Project can be found here -> [[OWASP Vulnerable Web Applications Directory Project]]

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2017-09-05T17:34:34Z

Frank.catucci: /* Local News */

Columbia

2017-09-05T17:26:02Z

Frank.catucci:

Columbia

2017-07-31T17:13:08Z

Frank.catucci:

<nowiki><nowiki>Insert non-formatted text here</nowiki></nowiki>{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

August 31st, 2017 Meeting is scheduled!

''SIGN UP HERE --->'' https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-36367635577 - ''Join us for '''"Recon - Seek and Destroy"'''''

''This first phase of a web application penetration test is focused on collecting as much information as possible about a target application. We will explore some of the most common ways to explore web applications today.''

'''PDF from SQLi meeting from 10/6/2016 meeting here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing]'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2017-07-31T15:41:06Z

Frank.catucci:

<nowiki><nowiki>Insert non-formatted text here</nowiki></nowiki>{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

August 31st, 2017 Meeting is scheduled!

''Join us for "Recon - Seek and Destroy"''

''This first phase of a web application penetration test is focused on collecting as much information as possible about a target application. We will explore some of the most common ways to explore web applications today.''

'''PDF from SQLi meeting from 10/6/2016 meeting here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing]'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2017-07-19T21:36:06Z

Frank.catucci: /* Local News */

<nowiki><nowiki>Insert non-formatted text here</nowiki></nowiki>{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

August 2017 Meeting is scheduled!

https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-36367635577 - ''Join us for "Recon - Seek and Destroy"''

''This first phase of a web application penetration test is focused on collecting as much information as possible about a target application. We will explore some of the most common ways to explore web applications today.''

'''PDF from SQLi meeting from 10/6/2016 meeting here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing]'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2017-07-19T21:33:42Z

Frank.catucci:

<nowiki><nowiki>Insert non-formatted text here</nowiki></nowiki>{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci], [mailto:Ralph.Collum@owasp.org Ralph Collum], [mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

October 2016 Meeting is scheduled!

https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-27918792861 - Join us for SQLi from a dev perspective =)

'''PDF from SQLi meeting from 10/6/2016 meeting here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing]'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Frank Catucci 2016 Bio & Why Me?

2016-12-20T23:41:48Z

Frank.catucci:

'''About Frank:'''

Frank Catucci is currently the Director of Web Application Security, Product Manager and a Subject Matter Expert for Qualys. He has over 15 years experience in the Information Technology and Security field that spans enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, public and private industries. Aside from his daily Web Application Security duties, Frank also conducts security research, penetration testing, and often speaks at information security conferences and events.

Frank is also the OWASP chapter leader for the Columbia, SC OWASP chapter. Frank is a volunteer and industry mentor for CybersecurityFactory, Highland Partners and MIT.edu mentorship projects and initiatives. Frank is part of the OWASP bug bounty initiative and contributes to other wiki and cheatsheet content.

----
'''Why I would like to be elected to the Global OWASP Foundation Board of Directors'''

I love OWASP and everything that it offers to the world of appsec and infosec globally. There are some brilliant minds, determined, diligent and genuinely caring folks at OWASP.

I want to be able to give back to an organization that is maturing, seemingly reaching a turning point in its growth and evolution, and has been affected by recent loss. I care deeply and want to be able to help in the most professional and diplomatic way possible. I think first and foremost, focusing on training and outreach is pivotal to accomplishing this goal and this is what I want to concentrate on if I am elected.

Frank Catucci 2016 Bio & Why Me?

2016-11-23T00:38:33Z

Frank.catucci:

'''About Frank:'''

Frank Catucci is currently the Director of Web Application Security, Product Manager and a Subject Matter Expert for Qualys. He has over 15 years experience in the Information Technology and Security field that spans enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, public and private industries. Aside from his daily Web Application Security duties, Frank also conducts security research, penetration testing, and often speaks at information security conferences and events.

Frank is also the OWASP chapter leader for the Columbia, SC OWASP chapter. Frank is a volunteer and industry mentor for CybersecurityFactory, Highland Partners and MIT.edu mentorship projects and initiatives. Frank is part of the OWASP bug bounty initiative and contributes to other wiki and cheatsheet content.

'''Why I would like to be elected to the Global OWASP Foundation Board of Directors'''

I love OWASP and everything that it offers to the world of appsec and infosec globally. There are some brilliant minds, determined, diligent and genuinely caring folks at OWASP.

I want to be able to give back to an organization that is maturing, seemingly reaching a turning point in its growth and evolution, and has been affected by recent loss. I care deeply and want to be able to help in the most professional and diplomatic way possible. I think first and foremost, focusing on training and outreach is pivotal to accomplishing this goal and this is what I want to concentrate on if I am elected.

Columbia

2016-10-07T14:45:23Z

Frank.catucci:

<nowiki><nowiki>Insert non-formatted text here</nowiki></nowiki>{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci],[mailto:Ralph.Collum@owasp.org Ralph Collum],[mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

October 2016 Meeting is scheduled!

https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-27918792861 - Join us for SQLi from a dev perspective =)

'''PDF from SQLi meeting from 10/6/2016 meeting here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing]'''

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2016-10-07T14:44:49Z

Frank.catucci:

<nowiki><nowiki>Insert non-formatted text here</nowiki></nowiki>{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci],[mailto:Ralph.Collum@owasp.org Ralph Collum],[mailto:wscalf@gmail.com William Scalf].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

October 2016 Meeting is scheduled!

https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-27918792861 - Join us for SQLi from a dev perspective =)

PDF from SQLi meeting from 10/6/2016 meeting here -> [https://drive.google.com/file/d/0B4C2y2IyDLI8YmRCUnluSTE3ZlE/view?usp=sharing]

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Columbia

2016-10-07T14:43:14Z

Frank.catucci:

Columbia

2016-09-21T12:26:28Z

Frank.catucci:

Frank Catucci 2016 Bio & Why Me?

2016-09-12T19:19:33Z

Frank.catucci:

'''About Frank:'''

Frank Catucci is currently the Director of Web Application Security, Product Manager and a Subject Matter Expert for Qualys. He has over 15 years experience in the Information Technology and Security field that spans enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, public and private industries. Aside from his daily Web Application Security duties, Frank also conducts security research, penetration testing, and often speaks at information security conferences and events.

Frank is also the OWASP chapter leader for the relative new formed Columbia, SC OWASP chapter. Frank is a volunteer and industry mentor for CybersecurityFactory, Highland Partners and MIT.edu mentorship projects and initiatives. Frank is part of the OWASP bug bounty initiative and contributes to other wiki and cheatsheet content.

'''Why I would like to be elected to the Global OWASP Foundation Board of Directors'''

I love OWASP and everything that it offers to the world of appsec and infosec globally. There are some brilliant minds, determined, diligent and genuinely caring folks at OWASP.

I want to be able to give back to an organization that is maturing, seemingly reaching a turning point in its growth and evolution, and has been affected by recent loss. I care deeply and want to be able to help in the most professional and diplomatic way possible. I think first and foremost, focusing on training and outreach is pivotal to accomplishing this goal and this is what I want to concentrate on if I am elected.

Frank Catucci 2016 Bio & Why Me?

2016-08-24T20:53:07Z

Frank.catucci:

'''About Frank:'''

Frank Catucci is currently the Director of Web Application Security, Product Manager and a Subject Matter Expert for Qualys. He has over 15 years experience in the Information Technology and Security field that spans enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, public and private industries. Aside from his daily Web Application Security duties, Frank also conducts security research, penetration testing, and often speaks at information security conferences and events.

Frank is also the OWASP chapter leader for the relative new formed Columbia, SC OWASP chapter. Frank is a volunteer and industry mentor for CybersecurityFactory, Highland Partners and MIT.edu mentorship projects and initiatives. Frank is part of the OWASP bug bounty initiative and contributes to other wiki and cheatsheet content.

'''Why I would like to be elected to the Global OWASP Foundation Board of Directors'''

I love OWASP and everything that it offers to the world of appsec and infosec globally. There are some brilliant minds, determined, diligent and genuinely caring folks at OWASP. There is plenty of discord and disagreement, but for the most part it is constructive.

I want to be able to give back to an organization that is maturing, seemingly reaching a turning point, and has been affected by recent loss. I care and want to be able to help in the most professional and diplomatic way possible. I think focusing on training and outreach is pivotal to accomplishing this goal and this is what I want to concentrate on.

Columbia

2016-08-15T13:52:07Z

Frank.catucci:

Help Secure Owasp assests

2016-02-16T14:07:06Z

Frank.catucci: /* Contributions */

=Draft=
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board

==Vendor Neutrality==
About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP linked from our wiki and current information on our OWASP Blog.

'''OWASP does not endorse or recommend any product or service This allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''

https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines

==Goals==
Find volunteers/companies willing to help with a proactive security plan for protecting OWASP applications such as
* Wiki
* Mailman
* Any other OWASP publicly accessible assets

==Contributions==
This can be in the form of:

* Security assessment of OWASP web applications
* Pen testing
* Remediation and patching
* Coordinating and Assisting in Bug Bounty Program for OWASP (TBD)

===Sponsorship Barter deals Bug Bounty Management Services ===

Kelly SantaLucia, Josh Sokol and Claudia are leading this effort, Johanna as adviser (Bug Bounty for projects), Frank Catucci as adviser (hiring, if barter deal is reached)

Goal: to find a Bug Bounty Management Services willing to sponsorship OWASP in barter deal contract

Details are still being discussed

Status:
* BugCrowd proposal==> In progress, Proposal received
* HackerOne ==> made contact , no proposal received yet

==Volunteers/Companies==
Please add your name here or contact Johanna Curiel or Claudia Aviles- Casanovas to add your name in case you have no access to the wiki

Set please the following info:
*Company/name volunteer
* Kind of contribution:
* Bug validation - [[user:Frank.catucci|Frank Catucci]]
* Bug/Researcher Disclosure and Coordination - [[user:Frank.catucci|Frank Catucci]] , [[user:Gabrielgumbs|Gabriel Gumbs]] ,
* Pen testing - [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]], [[user:Makash|Akash Mahajan]] and [https://www.owasp.org/index.php/Bangalore#tab=Chapter_Leaders| Riyaz Walikar]
* UAT
* Patching wiki
* Patching mailman - [[user:achim|Achim]]

==Proposals==
This will be discussed during the Board meeting on February 17th 2016

Help Secure Owasp assests

2016-02-13T00:37:31Z

Frank.catucci: /* Contributions */

=Draft=
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board

==Vendor Neutrality==
About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP linked from our wiki and current information on our OWASP Blog.

'''OWASP does not endorse or recommend any product or service This allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''

https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines

==Goals==
Find volunteers/companies willing to help with a proactive security plan for protecting OWASP applications such as
* Wiki
* Mailman
* Any other OWASP publicly accessible assets

==Contributions==
This can be in the form of:

* Security assessment of OWASP web applications
* Pen testing
* Remediation and patching
* Coordinating and Assisting in Bug Bounty Program for OWASP (TBD)

==Volunteers/Companies==
Please add your name here or contact Johanna Curiel or Claudia Aviles- Casanovas to add your name in case you have no access to the wiki

Set please the following info:
*Company/name volunteer
* Kind of contribution:
* Bug validation - [[user:Frank.catucci|Frank Catucci]]
* Bug/Researcher Disclosure and Coordination - [[user:Frank.catucci|Frank Catucci]]
* Pen testing - [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]]
* UAT
* Patching wiki
* Patching mailman - [[user:achim|Achim]]

==Proposals==
This will be discussed during the Board meeting on February 17th 2016

Help Secure Owasp assests

2016-02-13T00:36:25Z

Frank.catucci: /* Volunteers/Companies */

=Draft=
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board

==Vendor Neutrality==
About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP linked from our wiki and current information on our OWASP Blog.

'''OWASP does not endorse or recommend any product or service This allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''

https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines

==Goals==
Find volunteers/companies willing to help with a proactive security plan for protecting OWASP applications such as
* Wiki
* Mailman
* Any other OWASP publicly accessible assets

==Contributions==
This can be in the form of:

* Security assessment of OWASP web applications
* Pen testing
* Remediation and patching

==Volunteers/Companies==
Please add your name here or contact Johanna Curiel or Claudia Aviles- Casanovas to add your name in case you have no access to the wiki

Set please the following info:
*Company/name volunteer
* Kind of contribution:
* Bug validation - [[user:Frank.catucci|Frank Catucci]]
* Bug/Researcher Disclosure and Coordination - [[user:Frank.catucci|Frank Catucci]]
* Pen testing - [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]]
* UAT
* Patching wiki
* Patching mailman - [[user:achim|Achim]]

==Proposals==
This will be discussed during the Board meeting on February 17th 2016

Help Secure Owasp assests

2016-02-13T00:35:50Z

Frank.catucci: /* Volunteers/Companies */

=Draft=
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board

==Vendor Neutrality==
About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP linked from our wiki and current information on our OWASP Blog.

'''OWASP does not endorse or recommend any product or service This allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''

https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines

==Goals==
Find volunteers/companies willing to help with a proactive security plan for protecting OWASP applications such as
* Wiki
* Mailman
* Any other OWASP publicly accessible assets

==Contributions==
This can be in the form of:

* Security assessment of OWASP web applications
* Pen testing
* Remediation and patching

==Volunteers/Companies==
Please add your name here or contact Johanna Curiel or Claudia Aviles- Casanovas to add your name in case you have no access to the wiki

Set please the following info:
*Company/name volunteer
* Kind of contribution:
* Bug validation - [[user:Frank.catucci|Frank Catucci]]
* Bug/Researcher Disclosure and Coordination - [[user:Frank.catucci|Frank Catucci]]
* Pen testing - [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]]
* UAT
* Patching wiki
* Patching mailman:     - [[user:achim|Achim]],

==Proposals==
This will be discussed during the Board meeting on February 17th 2016

Help Secure Owasp assests

2016-02-13T00:35:12Z

Frank.catucci: /* Volunteers/Companies */

=Draft=
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board

==Vendor Neutrality==
About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP linked from our wiki and current information on our OWASP Blog.

'''OWASP does not endorse or recommend any product or service This allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''

https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines

==Goals==
Find volunteers/companies willing to help with a proactive security plan for protecting OWASP applications such as
* Wiki
* Mailman
* Any other OWASP publicly accessible assets

==Contributions==
This can be in the form of:

* Security assessment of OWASP web applications
* Pen testing
* Remediation and patching

==Volunteers/Companies==
Please add your name here or contact Johanna Curiel or Claudia Aviles- Casanovas to add your name in case you have no access to the wiki

Set please the following info:
*Company/name volunteer
* Kind of contribution:
* Bug validation [[user:Frank.catucci|Frank Catucci]]
* Bug/Researcher Disclosure and Coordination [[user:Frank.catucci|Frank Catucci]]
* Pen testing [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]]
* UAT
* Patching wiki
* Patching mailman:     [[user:achim|Achim]],

==Proposals==
This will be discussed during the Board meeting on February 17th 2016

Help Secure Owasp assests

2016-02-13T00:29:18Z

Frank.catucci: /* Goals */

Columbia

2015-12-29T15:47:15Z

Frank.catucci:

{{Chapter Template|chaptername=Columbia, SC, USA|extra=The chapter leaders are [mailto:Frank.Catucci@owasp.org Frank Catucci],[mailto:Timothy.Deblock@owasp.org Timothy De Block],[mailto:Ralph.Collum@owasp.org Ralph Collum].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-columbia|emailarchives=http://lists.owasp.org/pipermail/owasp-columbia}}

== Local News ==

January 2016 Meeting is scheduled!

https://www.eventbrite.com/e/owasp-columbia-meeting-tickets-19920840771

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:United States]]
[[Category:South Carolina]]

Web Application Security Testing Cheat Sheet

2015-09-17T18:10:29Z

Frank.catucci: /* Session Management */

= DRAFT CHEAT SHEET - WORK IN PROGRESS =

= Introduction =

This cheat sheet provides a checklist of tasks to be performed when performing a blackbox security test of a web application.

= Purpose =

This checklist is intended to be used as an aide memoire for experienced pentesters and should be used in conjunction with the [[:Category:OWASP Testing Project|OWASP Testing Guide]]. It will be updated as the [[OWASP_Application_Testing_guide_v4|Testing Guide v4]] is progressed.

The intention is that this guide will be available as an XML document, with scripts that convert it into formats such as pdf, Media Wiki markup, HTML etc.

This will allow it to be consumed within security tools as well as being available in a format suitable for printing.

All feedback or offers of help will be appreciated - and if you have specific chances you think should be made, just get stuck in.

= The Checklist =

== Information Gathering ==
* Manually explore the site
* [[Testing:_Spidering_and_googling | Spider/crawl]] for missed or hidden content
* [[Review_Webserver_Metafiles_for_Information_Leakage_(OTG-INFO-003)|Check the Webserver Metafiles]] for information leakage files that expose content, such as robots.txt, sitemap.xml, .DS_Store
* [[Conduct_search_engine_discovery/reconnaissance_for_information_leakage_(OTG-INFO-001)|Check the caches of major search engines for publicly accessible sites]]
* Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
* [[Review_webpage_comments_and_metadata_for_information_leakage_(OTG-INFO-005) | Check The Webpage Comments and Metadata for Information Leakage]]
* [[Fingerprint_Web_Application_Framework_(OTG-INFO-008) | Check The Web Application Framework]]
* [[Fingerprint_Web_Server_(OTG-INFO-002)|Perform Web Application Fingerprinting]]
* Identify technologies used
* [[Test_Role_Definitions_(OTG-IDENT-001)|Identify user roles]]
* [[Identify_application_entry_points_(OTG-INFO-006) | Identify application entry points]]
* Identify client-side code
* Identify multiple versions/channels (e.g. web, mobile web, mobile app)
* [[Web_Services | Identify web services]]
* Identify co-hosted and related applications
* Identify all hostnames and ports
* Identify third-party hosted content

== Configuration Management ==
* Check for commonly used application and administrative URLs
* [[4.3.4_Review_Old,_Backup_and_Unreferenced_Files_for_Sensitive_Information_(OTG-CONFIG-004) | Check for old, backup and unreferenced files]]
* [[Test_HTTP_Methods_(OTG-CONFIG-006) | Check HTTP methods supported and Cross Site Tracing (XST)]]
* [[4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information_(OTG-CONFIG-003) | Test file extensions handling]]
* [[Test_RIA_cross_domain_policy_(OTG-CONFIG-008) | Test RIA cross domain policy]]
* Test for [[List_of_useful_HTTP_headers | security HTTP headers]] (e.g. CSP, X-Frame-Options, HSTS)
* Test for policies (e.g. Flash, Silverlight, robots)
* Test for non-production data in live environment, and vice-versa
* Check for sensitive data in client-side code (e.g. API keys, credentials)

== Secure Transmission ==
* [[Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001) | Check SSL Version, Algorithms, Key length]]
* Check for Digital Certificate Validity (Duration, Signature and CN)
* Check credentials only delivered over HTTPS
* Check that the login form is delivered over HTTPS
* Check session tokens only delivered over HTTPS
* [[Test_HTTP_Strict_Transport_Security_(OTG-CONFIG-009) | Check if HTTP Strict Transport Security (HSTS) in use]]

== Authentication ==
* [[Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) | Test for user enumeration]]
* [[Testing_for_Bypassing_Authentication_Schema_(OTG-AUTHN-004) | Test for authentication bypass]]
* [[Testing_for_Brute_Force_(OWASP-AT-004) | Test for brute force protection]]
* [[Testing_for_Credentials_Transported_over_an_Encrypted_Channel_(OTG-AUTHN-001)|Test for Credentials Transported over an Encrypted Channel]]
* [[Testing_for_Weak_password_policy_(OTG-AUTHN-007)|Test password quality rules
* Test remember me functionality]]
* Test password reset and/or recovery
* Test password change process
* Test CAPTCHA
* Test multi factor authentication
* Test for logout functionality presence
* Test for cache management on HTTP (eg Pragma, Expires, Max-age)
* Test for default logins
* Test for user-accessible authentication history
* Test for out-of channel notification of account lockouts and successful password changes
* Test for consistent authentication across applications with shared authentication schema / SSO and alternative channels
* Test for Weak security question/answer

== Session Management ==
* Establish how session management is handled in the application (eg, tokens in cookies, token in URL)
* [[Testing_for_cookies_attributes_(OTG-SESS-002)|Check session tokens for cookie flags (httpOnly and secure)]]
* [[Testing_for_cookies_attributes_(OTG-SESS-002)|Check session cookie scope (path and domain)]]
* Check session cookie duration (expires and max-age)
* [[Test_Session_Timeout_(OTG-SESS-007)|Check session termination after a maximum lifetime]]
* [[Test_Session_Timeout_(OTG-SESS-007)|Check session termination after relative timeout]]
* [[Testing_for_logout_functionality_(OTG-SESS-006)|Check session termination after logout]]
* Test to see if users can have multiple simultaneous sessions
* [[Testing_for_Session_Management_Schema_(OTG-SESS-001)#Session_ID_Predictability_and_Randomness | Test session cookies for randomness]]
* Confirm that new session tokens are issued on login, role change and logout
* Test for consistent session management across applications with shared session management
* Test for session puzzling
* Test for CSRF and clickjacking

== Authorization ==
* [[Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)|Test for path traversal]]
* [[Testing_for_Privilege_escalation_(OTG-AUTHZ-003)|Test for vertical Access control problems (a.k.a. Privilege Escalation)]]
* Test for horizontal Access control problems (between two users at the same privilege level)
* [[Testing_for_Bypassing_Authorization_Schema_(OTG-AUTHZ-002)|Test for missing authorisation]]
* [[Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)|Test for Insecure Direct Object References]]

== Data Validation ==
* [[Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)|Test for Reflected Cross Site Scripting]]
* [[Testing_for_Stored_Cross_site_scripting_(OTG-INPVAL-002)|Test for Stored Cross Site Scripting]]
* [[Testing_for_DOM-based_Cross_site_scripting_(OTG-CLIENT-001)|Test for DOM based Cross Site Scripting]]
* Test for Cross Site Flashing
* Test for HTML Injection
* [[Testing_for_SQL_Injection_(OTG-INPVAL-005)|Test for SQL Injection]]
* Test for LDAP Injection
* [[Testing_for_ORM_Injection_(OTG-INPVAL-007)|Test for ORM Injection]]
* [[Testing_for_XML_Injection_(OTG-INPVAL-008)|Test for XML Injection]]
* Test for XXE Injection
* [[Testing_for_SSI_Injection_(OTG-INPVAL-009)|Test for SSI Injection]]
* [[Testing_for_XPath_Injection_(OTG-INPVAL-010)|Test for XPath Injection]]
* Test for XQuery Injection
* [[Testing_for_IMAP/SMTP_Injection_(OTG-INPVAL-011)|Test for IMAP/SMTP Injection]]
* [[Testing_for_Code_Injection_(OTG-INPVAL-012)|Test for Code Injection]]
* Test for Expression Language Injection
* [[Testing_for_Command_Injection_(OTG-INPVAL-013)|Test for Command Injection]]
* Test for Overflow ([[Testing_for_Stack_Overflow|Stack]], [[Testing_for_Heap_Overflow|Heap]] and Integer)
* [[Testing_for_Format_String|Test for Format String]]
* Test for incubated vulnerabilities
* [[Testing_for_HTTP_Splitting/Smuggling_(OTG-INPVAL-016)|Test for HTTP Splitting/Smuggling]]
* Test for HTTP Verb Tampering
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards|Test for Open Redirection]]
* [[Testing_for_Local_File_Inclusion|Test for Local File Inclusion]]
* [[Testing_for_Remote_File_Inclusion|Test for Remote File Inclusion]]
* Compare client-side and server-side validation rules
* Test for NoSQL injection
* Test for HTTP parameter pollution
* Test for auto-binding
* Test for Mass Assignment
* Test for NULL/Invalid Session Cookie

== Denial of Service ==
* Test for anti-automation
* [[Testing_for_Weak_lock_out_mechanism_(OTG-AUTHN-003)|Test for account lockout]]
* Test for HTTP protocol DoS
* Test for SQL wildcard DoS

== Business Logic ==
* [[Test_business_logic_data_validation_(OTG-BUSLOGIC-001) | Test business logic data validation]]
* [[Test_Ability_to_forge_requests_(OTG-BUSLOGIC-002) | Test ability to forge requests]]
* Test for feature misuse
* Test for lack of non-repudiation
* Test for trust relationships
* [[Test_integrity_checks_(OTG-BUSLOGIC-003) | Test for integrity of data]]
* Test segregation of duties
* [[Test_for_Process_Timing_(OTG-BUSLOGIC-007) | Test for Process Timing]]
* [[Test_number_of_times_a_function_can_be_used_limits_(OTG-BUSLOGIC-007) | Test Number of Times a Function Can be Used Limits]]
* [[Testing_for_the_Circumvention_of_Work_Flows_(OTG-BUSLOGIC-009) | Test for the Circumvention of Work Flows]]
* [[Test_defenses_against_application_mis-use_(OTG-BUSLOGIC-011) | Test Defenses Against Application Mis-use]]
* [[Test_Upload_of_Unexpected_File_Types_(OTG-BUSLOGIC-015) | Test Upload of Unexpected File Types]]
* [[Test_Upload_of_Malicious_Files_(OTG-BUSLOGIC-016) | Test upload of malicious files]]

== Cryptography ==
* [[Testing_for_Sensitive_information_sent_via_unencrypted_channels_(OTG-CRYPST-003)|Check if data which should be encrypted is not]]
* Check for wrong algorithms usage depending on context
* [[Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)|Check for weak algorithms usage]]
* [[Password_Storage_Cheat_Sheet#Use_a_cryptographically_strong_credential-specific_salt | Check for proper use of salting]]
* [[Insecure_Randomness | Check for randomness functions]]

== Risky Functionality - File Uploads ==
* [[Test_Upload_of_Unexpected_File_Types_(OTG-BUSLOGIC-008)|Test that acceptable file types are whitelisted and non-whitelisted types are rejected]]
* Test that file size limits, upload frequency and total file counts are defined and are enforced
* Test that file contents match the defined file type
* [[Test_Upload_of_Malicious_Files_(OTG-BUSLOGIC-009)|Test that all file uploads have Anti-Virus scanning in-place.]]
* Test that unsafe filenames are sanitised
* Test that uploaded files are not directly accessible within the web root
* Test that uploaded files are not served on the same hostname/port
* Test that files and other media are integrated with the authentication and authorisation schemas

== Risky Functionality - Card Payment ==
* Test for known vulnerabilities and configuration issues on Web Server and Web Application
* Test for default or guessable password
* Test for non-production data in live environment, and vice-versa
* [[Injection_Flaws | Test for Injection vulnerabilities ]]
* [[Testing_for_Buffer_Overflow_(OTG-INPVAL-014) | Test for Buffer Overflows]]
* [[Top_10_2010-A7-Insecure_Cryptographic_Storage | Test for Insecure Cryptographic Storage]]
* [[Top_10_2010-A9-Insufficient_Transport_Layer_Protection | Test for Insufficient Transport Layer Protection]]
* [[Web_Application_Security_Testing_Cheat_Sheet#Error_Handling|Test for Improper Error Handling]]
* Test for all vulnerabilities with a CVSS v2 score > 4.0
* Test for Authentication and Authorization issues
* [[Testing_for_CSRF_(OTG-SESS-005)|Test for CSRF]]

== Web Service Testing ==
* [[Web_Service_Security_Testing_Cheat_Sheet | Test for Web Service Issues]]
* [[REST_Assessment_Cheat_Sheet | Test REST]]

== HTML 5==
* [[Test_Web_Messaging_(OTG-CLIENT-011)|Test Web Messaging]]
* [[Test_Local_Storage_(OTG-CLIENT-012)|Test for Web Storage SQL injection]]
* [[Test_Cross_Origin_Resource_Sharing_(OTG-CLIENT-007)|Check CORS implementation]]
* [[HTML5_Security_Cheat_Sheet#Offline_Applications | Check Offline Web Application]]

== Error Handling==
* [[Testing_for_Error_Code_(OTG-ERR-001)|Check for Error Codes]]
* [[Testing_for_Stack_Traces_(OTG-ERR-002)|Check for Stack Traces]]

== Other Formats ==
* DradisPro template format [https://github.com/raesene/OWASP_Web_App_Testing_Cheatsheet_Converter/blob/master/OWASP_Web_Application_Testing_Cheat_Sheet.xml on github]
* Asana template on [http://templana.com/templates/owasp-website-security-checklist/ Templana] (thanks to Bastien Siebman)

== Authors and contributors ==

[[User:Simon Bennetts|Simon Bennetts]] 
[[User:Raesene|Rory McCune]] 
Colin Watson 
Simone Onofri 
[[User:Amro_Ahmed|Amro AlOlaqi]]

All above are authors of the [[OWASP_Testing_Guide_v3_Table_of_Contents | Testing Guide v3]]

[[User:Ryan_Dewhurst|Ryan Dewhurst]] 
[[User:Frank.catucci | Frank Catucci]]

== Related articles ==

OWASP [[:Category:OWASP Testing Project|Testing Guide]]

Mozilla [https://wiki.mozilla.org/WebAppSec/Web_Security_Verification Web Security Verification]

{{Cheatsheet_Navigation}}

[[Category:Cheatsheets]] [[Category:OWASP_Breakers]]

Web Application Security Testing Cheat Sheet

2015-09-04T16:18:46Z