This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Testing for Input Validation"
| Line 1: | Line 1: | ||
| + | [[http://www.owasp.org/index.php/Web_Application_Penetration_Testing_AoC Up]]<br> | ||
| + | |||
=== Data Validation Testing === | === Data Validation Testing === | ||
---- | ---- | ||
| − | + | ||
...Intro here... | ...Intro here... | ||
Revision as of 14:48, 12 October 2006
[Up]
Data Validation Testing
...Intro here...
4.6.1 Cross site scripting
4.6.1.1 Incubated attacks
4.6.1.2 Phishing (using javascript)
4.6.1.3 HTTP Methods + XSS (TRACE)
4.6.2 SQL Injection
4.6.2.1 Oracle, mySQL, SQL Server, TeraData
4.6.2.2 Extended stored procedures
4.6.2.3 Stored procedure injection
4.6.2.4 Oracle +SQLServer ports and attacks
4.6.2.5 Listener attacks etc. 1521 1433 1527
4.6.3 Command Execution
Orm injection 0% TD, ORM Injection, LDAP Injection, XML Injection, SSI Injection, XPath Injection, SQL Injection, IMAP/SMTP Injection, Code Injection, OS Commanding
4.6.4 Buffer overflow Testing
4.6.4.1 Heap overflow
4.6.4.2 Stack overflow
4.6.4.3 Format string
