This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Jump to: navigation, search

Information Security Consultant Formerly Privacy & Information Officer at F-Secure Bordeaux (content cloud business line) CISSP Master in Information Systems Risk Management 20+ years of experience in IT, web & application development, sysadmin, databases, including security aspects of all these domains. Knowledge & skills: Java, Linux, OpenBSD, Agile methods (Scrum, Kanban), Architecture Security (STRIDE), ISO27K, Risk Management, Incident Management.

(WIP) French translation of the Testing Guide:

Testing Guide FR Translation - JCP Notes

4.7 Test de management de sessions


4.7.2 Tester les attributs des cookies (OTG-SESS-002)

4.7.3 Tester les fixations de session (OTG-SESS-003)

4.7.4 Tester les variables de session exposées (OTG-SESS-004)

4.7.5 Tester les CSRF (OTG-SESS-005)

4.7.6 Tester les fonctionnalités de déconnexion (OTG-SESS-006)

4.7.7 Tester l'expiration de session (OTG-SESS-007)

4.7.8 Tester la confusion de session (OTG-SESS-008)

4.8 Tester la validation des entrées

4.8.1 Test de Reflected Cross-Site Scripting (OTG-INPVAL-001)

4.8.2 Test de Stored Cross-Site Scripting (OTG-INPVAL-002)

4.8.3 Test d'HTTP Verb Tampering (OTG-INPVAL-003)

4.8.4 Test d'HTTP Parameter pollution (OTG-INPVAL-004)

4.8.5 Test d'Injection SQL (OTG-INPVAL-005) Tester Oracle Tester MySQL Tester SQL Server Tester PostgreSQL (from OWASP BSP) Tester MS Access Tester les injections NoSQL

4.8.6 Tester les injections LDAP (OTG-INPVAL-006)

4.8.7 Tester les injections ORM (OTG-INPVAL-007)

4.8.8 Tester les injections XML (OTG-INPVAL-008)

4.8.9 Tester les injections SSI (OTG-INPVAL-009)

4.8.10 Tester les injections XPath (OTG-INPVAL-010)

4.8.11 Injections IMAP SMTP (OTG-INPVAL-011)

4.8.12 Tester les injections de code (OTG-INPVAL-012) Tester l'inclusion de fichiers locaux Tester l'inclusion de fichiers distants

4.8.13 Tester les injections de commandes (OTG-INPVAL-013)

4.8.14 Tester les débordements de tampons (OTG-INPVAL-014) Tester les débordements de tas Tester les débordements de pile Tester les format string

4.8.15 Tester les incubated vulnerabilities (OTG-INPVAL-015)

4.8.16 Tester l'HTTP Splitting Smuggling (OTG-INPVAL-016)