This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Testing Guide v2 Table of Contents"
| Line 26: | Line 26: | ||
==[[Web Application Penetration Testing AoC |Web Application Penetration Testing ]]== | ==[[Web Application Penetration Testing AoC |Web Application Penetration Testing ]]== | ||
| − | '''4.1 Introduction and objectives''' 0% TD<br> | + | '''4.1 Introduction and objectives''' (0%, TD)<br> |
| − | '''4.2 Information Gathering''' 0% TD<br> | + | '''4.2 Information Gathering''' (0%, TD)<br> |
| − | 4.2.1 Spidering and googling 0% TD<br> | + | 4.2.1 Spidering and googling (0%, TD)<br> |
| − | 4.2.2 Analisys of error code 0% TD<br> | + | 4.2.2 Analisys of error code (0%, TD)<br> |
| − | 4.2.3 Infrastructure configuration management testing 0% TD<br> | + | 4.2.3 Infrastructure configuration management testing (0%, TD)<br> |
| − | 4.2.3.1 SSL/TLS Testing 0% TD<br> | + | 4.2.3.1 SSL/TLS Testing (0%, TD)<br> |
| − | 4.2.3.2 DB Listener Testing 0% TD<br> | + | 4.2.3.2 DB Listener Testing (0%, TD)<br> |
| − | 4.2.4 Application configuration management testing 0% TD<br> | + | 4.2.4 Application configuration management testing (0%, TD)<br> |
| − | 4.2.4.1 File extensions handling 0% TD<br> | + | 4.2.4.1 File extensions handling (0%, TD)<br> |
| − | 4.2.4.1 Old, backup and unreferenced files 0% TD<br> | + | 4.2.4.1 Old, backup and unreferenced files (0%, TD)<br> |
'''4.3 Business logic testing''' (50%,Madhura Halasgikar)<br> | '''4.3 Business logic testing''' (50%,Madhura Halasgikar)<br> | ||
| − | '''4.4 Authentication Testing''' 50% TD<br> | + | '''4.4 Authentication Testing''' (50%, TD)<br> |
| − | 4.4.1 Default or guessable (dictionary) user account 90% TD<br> | + | 4.4.1 Default or guessable (dictionary) user account (90%, TD)<br> |
| − | 4.4.2 Brute Force 0% TD<br> | + | 4.4.2 Brute Force (0%, TD)<br> |
| − | 4.4.3 Bypassing authentication schema 0% TD<br> | + | 4.4.3 Bypassing authentication schema (0%, TD)<br> |
| − | 4.4.4 Directory traversal/file include 0% TD<br> | + | 4.4.4 Directory traversal/file include (0%, TD)<br> |
| − | 4.4.5 Vulnerable remember password and pwd reset 90% TD<br> | + | 4.4.5 Vulnerable remember password and pwd reset (90%, TD)<br> |
| − | 4.4.6 Logout and account expiry 0% TD<br> | + | 4.4.6 Logout and account expiry (0%, TD)<br> |
| − | + | '''4.5 Session Management Testing''' (0%, TD)<br> | |
| − | '''4.5 Session Management Testing''' 0% TD<br> | + | 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) (100%, Review) <br> |
| − | 4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) 100% Review <br> | + | 4.5.2 Weak session tokens (70%, TD)<br> |
| − | 4.5.2 Weak session tokens 70% TD<br> | + | 4.5.3 Session Riding (100%, Review)<br> |
| − | 4.5.3 Session Riding 100% Review<br> | + | 4.5.4 Exposed session variables (0% ,TD)<br> |
| − | 4.5.4 Exposed session variables 0% TD<br> | + | 4.5.5 HTTP Exploit (0%, TD)<br> |
| − | 4.5.5 HTTP Exploit 0% TD<br> | ||
| − | |||
| − | |||
'''4.6 Data Validation Testing''' 0% TD <br> | '''4.6 Data Validation Testing''' 0% TD <br> | ||
4.6.1 Cross site scripting 0% TD <br> | 4.6.1 Cross site scripting 0% TD <br> | ||
4.6.1.1 HTTP Methods and XST 0% TD <br> | 4.6.1.1 HTTP Methods and XST 0% TD <br> | ||
| − | |||
4.6.2 SQL Injection 0% TD <br> | 4.6.2 SQL Injection 0% TD <br> | ||
4.6.2.1 Stored procedure injection 0% TD <br> | 4.6.2.1 Stored procedure injection 0% TD <br> | ||
| Line 62: | Line 58: | ||
4.6.2.3 MySQL testing 0% TD <br> | 4.6.2.3 MySQL testing 0% TD <br> | ||
4.6.2.4 SQL Server testing (0%,Ariel Waissbein)<br> | 4.6.2.4 SQL Server testing (0%,Ariel Waissbein)<br> | ||
| − | |||
4.6.3 ORM Injection (0%, TD) <br> | 4.6.3 ORM Injection (0%, TD) <br> | ||
4.6.4 LDAP Injection (0%, TD) <br> | 4.6.4 LDAP Injection (0%, TD) <br> | ||
| Line 71: | Line 66: | ||
4.6.9 Code Injection (0%, TD) <br> | 4.6.9 Code Injection (0%, TD) <br> | ||
4.6.10 OS Commanding (0%, TD) <br> | 4.6.10 OS Commanding (0%, TD) <br> | ||
| − | |||
4.6.11 Buffer overflow Testing 100% Review <br> | 4.6.11 Buffer overflow Testing 100% Review <br> | ||
4.6.11.1 Heap overflow 100% Review <br> | 4.6.11.1 Heap overflow 100% Review <br> | ||
4.6.11.2 Stack overflow 100% Review <br> | 4.6.11.2 Stack overflow 100% Review <br> | ||
4.6.11.3 Format string 100% Review <br> | 4.6.11.3 Format string 100% Review <br> | ||
| − | |||
4.6.12 Incubated vulnerability testing (0%,Ariel Waissbein) <br> | 4.6.12 Incubated vulnerability testing (0%,Ariel Waissbein) <br> | ||
| − | |||
'''4.7 Denial of Service Testing''' 95% Review<br> | '''4.7 Denial of Service Testing''' 95% Review<br> | ||
4.7.1 Locking Customer Accounts 100% Review<br> | 4.7.1 Locking Customer Accounts 100% Review<br> | ||
| Line 87: | Line 79: | ||
4.7.6 Failure to Release Resources 100% Review<br> | 4.7.6 Failure to Release Resources 100% Review<br> | ||
4.7.7 Storing too Much Data in Session 90% Review<br> | 4.7.7 Storing too Much Data in Session 90% Review<br> | ||
| + | '''4.8 Web Services Testing''' (0%,Eoin Keary, Mark Roxberry)<br> | ||
| + | 4.8.1 XML Structural Attacks 0%<br> | ||
| + | 4.8.2 XML content-level attacks 0%<br> | ||
| + | 4.8.3 HTTP GET parameters/REST attacks 0%<br> | ||
| + | 4.8.4 Naughty SOAP attachments 0%<br> | ||
| + | 4.8.5 Brute force attacks 0%<br> | ||
| − | ''' | + | '''4.9 AJAX Testing''' (0%, Dan Cornell)<br> |
| − | + | 4.9.1 Vulnerabilities 0%<br> | |
| − | + | 4.9.2 How to test 0%<br> | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | 4.9 | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | 4. | ||
| − | 4. | ||
==[[Writing Reports: value the real risk AoC |Writing Reports: value the real risk ]]== | ==[[Writing Reports: value the real risk AoC |Writing Reports: value the real risk ]]== | ||
Revision as of 21:10, 14 October 2006
Legend:
Rewiew: Matteo Meucci
TD: Paragraph To Be Assigned
Frontispiece
1.1 Copyright and License (100%, Review)
1.2 Endorsements (100%, Review)
1.3 Trademarks (100%, Review)
Introduction
2.1 The OWASP Testing Project (100%, Review)
2.2 Principles of Testing (100%, Review)
2.3 Testing Techniques Explained (100%, Review)
The OWASP Testing Framework
3.1. Overview (90%, Review)
3.2. Phase 1 — Before Development Begins (100%, Review)
3.3. Phase 2: During Definition and Design(100%, Review)
3.4. Phase 3: During Development(100%, Review)
3.5. Phase 4: During Deployment(100%, Review)
3.6. Phase 5: Maintenance and Operations(100%, Review)
3.7. A Typical SDLC Testing Workflow (100%, Review)
Web Application Penetration Testing
4.1 Introduction and objectives (0%, TD)
4.2 Information Gathering (0%, TD)
4.2.1 Spidering and googling (0%, TD)
4.2.2 Analisys of error code (0%, TD)
4.2.3 Infrastructure configuration management testing (0%, TD)
4.2.3.1 SSL/TLS Testing (0%, TD)
4.2.3.2 DB Listener Testing (0%, TD)
4.2.4 Application configuration management testing (0%, TD)
4.2.4.1 File extensions handling (0%, TD)
4.2.4.1 Old, backup and unreferenced files (0%, TD)
4.3 Business logic testing (50%,Madhura Halasgikar)
4.4 Authentication Testing (50%, TD)
4.4.1 Default or guessable (dictionary) user account (90%, TD)
4.4.2 Brute Force (0%, TD)
4.4.3 Bypassing authentication schema (0%, TD)
4.4.4 Directory traversal/file include (0%, TD)
4.4.5 Vulnerable remember password and pwd reset (90%, TD)
4.4.6 Logout and account expiry (0%, TD)
4.5 Session Management Testing (0%, TD)
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) (100%, Review)
4.5.2 Weak session tokens (70%, TD)
4.5.3 Session Riding (100%, Review)
4.5.4 Exposed session variables (0% ,TD)
4.5.5 HTTP Exploit (0%, TD)
4.6 Data Validation Testing 0% TD
4.6.1 Cross site scripting 0% TD
4.6.1.1 HTTP Methods and XST 0% TD
4.6.2 SQL Injection 0% TD
4.6.2.1 Stored procedure injection 0% TD
4.6.2.2 Oracle testing 0% TD
4.6.2.3 MySQL testing 0% TD
4.6.2.4 SQL Server testing (0%,Ariel Waissbein)
4.6.3 ORM Injection (0%, TD)
4.6.4 LDAP Injection (0%, TD)
4.6.5 XML Injection (0%, TD)
4.6.6 SSI Injection (0%, TD)
4.6.7 XPath Injection (0%, TD)
4.6.8 IMAP/SMTP Injection (0%, TD)
4.6.9 Code Injection (0%, TD)
4.6.10 OS Commanding (0%, TD)
4.6.11 Buffer overflow Testing 100% Review
4.6.11.1 Heap overflow 100% Review
4.6.11.2 Stack overflow 100% Review
4.6.11.3 Format string 100% Review
4.6.12 Incubated vulnerability testing (0%,Ariel Waissbein)
4.7 Denial of Service Testing 95% Review
4.7.1 Locking Customer Accounts 100% Review
4.7.2 Buffer Overflows 100% Review
4.7.3 User Specified Object Allocation 100% Review
4.7.4 User Input as a Loop Counter 100% Review
4.7.5 Writing User Provided Data to Disk 100% Review
4.7.6 Failure to Release Resources 100% Review
4.7.7 Storing too Much Data in Session 90% Review
4.8 Web Services Testing (0%,Eoin Keary, Mark Roxberry)
4.8.1 XML Structural Attacks 0%
4.8.2 XML content-level attacks 0%
4.8.3 HTTP GET parameters/REST attacks 0%
4.8.4 Naughty SOAP attachments 0%
4.8.5 Brute force attacks 0%
4.9 AJAX Testing (0%, Dan Cornell)
4.9.1 Vulnerabilities 0%
4.9.2 How to test 0%
Writing Reports: value the real risk
5.1 How to value the real risk (0%, Daniel Cuthbert)
5.2 How to write the report of the testing (0%, Daniel Cuthbert) TD
Appendix A: Testing Tools
1. Source Code Analyzers
* Open Source / Freeware
* Commercial
2. Black Box Scanners
* Open Source
* Commercial
3. Other Tools
* Runtime Analysis
* Binary Analysis
* Requirements Management
Appendix B: Suggested Reading
1. Whitepapers 2. Books 3. Articles 4. Useful Websites 5. OWASP — http://www.owasp.org
