This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Client Side Testing

Jump to: navigation, search
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: Back to the OWASP Testing Guide Project:

4.12 Client-Side Testing

Client-Side testing is concerned with the execution of code on the client, typically natively within a web browser or browser plugin. The execution of code on the client-side is distinct from executing on the server and returning the subsequent content.

The following articles describe how to conduct a Client-Side test of a web application:

4.12.1 Testing for DOM based Cross Site Scripting (OTG-CLIENT-001)

4.12.2 Testing for JavaScript Execution (OTG-CLIENT-002)

4.12.3 Testing for HTML Injection (OTG-CLIENT-003)

4.12.4 Testing for Client Side URL Redirect (OTG-CLIENT-004)

4.12.5 Testing for CSS Injection (OTG-CLIENT-005)

4.12.6 Testing for Client Side Resource Manipulation (OTG-CLIENT-006)

4.12.7 Test Cross Origin Resource Sharing (OTG-CLIENT-007)

4.12.8 Testing for Cross Site Flashing (OTG-CLIENT-008)

4.12.9 Testing for Clickjacking (OTG-CLIENT-009)

4.12.10 Testing WebSockets (OTG-CLIENT-010)

4.12.11 Test Web Messaging (OTG-CLIENT-011)

4.12.12 Test Local Storage (OTG-CLIENT-012)