Difference between revisions of "OWASP Testing Guide Table of Contents"

Revision as of 13:39, 9 October 2006

Frontispiece

1. Copyright and License
2. Endorsements
3. Trademarks

Introduction

1. Performing An Application Security Review
2. Principles of Testing
3. Testing Techniques Explained

Methodologies Used

1. Secure application design
2. Code Review (See the code review project)
   • Overview
   • Advantages and Disadvantages
3. Penetration Testing
   • Overview
   • Advantages and Disadvantages
4. The Need for a Balanced Approach
5. A Note about Web Application Scanners
6. A Note about Static Source Code Review Tools

Finding Specific Issues In a Non-Technical Manner

1. Threat Modeling Introduction
2. Design Reviews
3. Threat Modeling the Application
4. Policy Reviews
5. Requirements Analysis
6. Developer Interviews and Interaction

Finding Specific Vulnerabilities Using Source Code Review

For code review please see the OWASP Code Review Project

Manual testing techniques

1. Business logic testing
2. Authentication
3. Cookie manipulation
4. Weak session tokens
5. Session riding test
6. Testing for Cross site scripting vulnerabilities
7. Testing for vulnerable remember password implementation
8. Weak Password Self-Reset Testing
9. Testing for default or guessable user accounts and empty passwords
10. Testing for application layer Denial of Service (DoS) attacks
    • DoS Testing: Locking Customer Accounts
    • DoS Testing: Buffer Overflows
    • DoS Testing: User Specified Object Allocation
    • DoS Testing: User Input as a Loop Counter
    • DoS Testing: Writing User Provided Data to Disk
    • DoS Testing: Failure to Release Resources
    • DoS Testing: Storing too Much Data in Session
11. Testing for buffer overflow
    • Testing for heap overflow vulnerability
    • Testing for stack overflow vulnerability
    • Testing for format string vulnerability
12. Testing for test and debug files
13. Testing file extensions handling
14. Testing for Old, backup and unreferenced files
15. Testing defense from Automatic Attacks
16. Infrastructure configuration management testing
17. Application configuration management testing
18. SSL/TLS Testing: support of weak ciphers
19. SSL Testing: certificate validity
20. Web Services Security Testing
21. Analysis about error codes
22. Web services Testing
    • XML Structural Attacks
    • XML content-level attacks
    • HTTP GET parameters/REST attacks
    • Naughty SOAP attachments
    • Brute force attacks

The OWASP Testing Framework

1. Overview
2. Phase 1 — Before Development Begins
   • Phase 1A: Policies and Standards Review
   • Phase 1B: Develop Measurement and Metrics Criteria (Ensure Traceability)
3. Phase 2: During Definition and Design
   • Phase 2A: Security Requirements Review
   • Phase 2B: Design and Architecture Review
   • Phase 2C: Create and Review UML Models
   • Phase 2D: Create and Review Threat Models
4. Phase 3: During Development
   • Phase 3A: Code Walkthroughs
   • Phase 3B: Code Reviews
5. Phase 4: During Deployment
   • Phase 4A: Application Penetration Testing
   • Phase 4B: Configuration Management Testing
6. Phase 5: Maintenance and Operations
   • Phase 5A: Conduct Operational Management Reviews
   • Phase 5B: Conduct Periodic Health Checks
   • Phase 5C: Ensure Change Verification
7. A Typical SDLC Testing Workflow
   • Figure 3: Typical SDLC Testing Workflow.

Appendix A: Testing Tools

1. Source Code Analyzers
   • Open Source / Freeware
   • Commercial
2. Black Box Scanners
   • Open Source
   • Commercial
3. Other Tools
   • Runtime Analysis
   • Binary Analysis
   • Requirements Management

Appendix B: Suggested Reading

1. Whitepapers
2. Books
3. Articles
4. Useful Websites
5. OWASP — http://www.owasp.org

Appendix C: Fuzz Vectors