This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Testing Guide v2 Table of Contents"

From OWASP
Jump to: navigation, search
m (Typo.)
 
(90 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Updated 23th Dec, 11.00 GMT+1 <br>
+
__NOTOC__
Status: draft <br>
 
  
[[http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide OWASP Testing Guide AoC]]
+
Please go [http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents here] for the last release of the OWASP Testing Guide.
 
 
 
 
==[[Testing Guide Forward AoC|Forward]]==
 
 
 
 
 
==[[Testing Guide Frontispiece AoC|1. Frontispiece]]==
 
 
 
'''1.1 About the OWASP Testing Guide Project'''<br>
 
1.1.1 Copyright                                        <br>
 
1.1.2 Editors                                         <br>
 
1.1.3 Authors and Reviewers                         <br>
 
1.1.4 Revision History<br>
 
1.1.5 Trademarks<br>
 
'''1.2 [[About The Open Web Application Security Project]]''' <br>
 
1.2.1 Overview <br>
 
1.2.2 Structure <br>
 
1.2.3 Licensing <br>
 
1.2.4 Participation and Membership <br>
 
1.2.5 Projects <br>
 
1.2.6 OWASP Privacy Policy <br>
 
 
 
==[[Testing Guide Introduction AoC|2. Introduction]]==
 
'''2.1 The OWASP Testing Project'''                                      <br>
 
'''2.2 Principles of Testing'''                                          <br>
 
'''2.3 Testing Techniques Explained'''                                    <br>
 
 
 
==[[The OWASP Testing Framework AoC|3. The OWASP Testing Framework]]==
 
'''3.1. Overview'''                                        <br>
 
'''3.2. Phase 1 — Before Development Begins '''<br>
 
'''3.3. Phase 2: During Definition and Design'''<br>
 
'''3.4. Phase 3: During Development'''<br>
 
'''3.5. Phase 4: During Deployment'''<br>
 
'''3.6. Phase 5: Maintenance and Operations'''<br>
 
'''3.7. A Typical SDLC Testing Workflow '''<br>
 
 
 
==[[Web Application Penetration Testing |4. Web Application Penetration Testing ]]==
 
 
 
[[Testing: Introduction and objectives|'''4.1 Introduction and objectives''']] <br>
 
 
 
[[Testing: Information Gathering|'''4.2 Information Gathering''']]<br>
 
 
 
[[Testing for Web Application Fingerprint|4.2.1 Testing Web Application Fingerprint]]<br>
 
[[Testing for Application Discovery|4.2.2 Application Discovery]]<br>
 
[[Testing: Spidering and googling|4.2.3 Spidering and googling]]                    <br>
 
[[Testing for Error Code|4.2.4 Analysis of error code]]                    <br>
 
[[Testing for infrastructure configuration management|4.2.5 Infrastructure configuration management testing]]<br>
 
[[Testing for SSL/TLS|4.2.5.1 SSL/TLS Testing                        ]]<br>
 
[[Testing for DB Listener|4.2.5.2 DB Listener Testing                    ]]<br>
 
[[Testing for Application configuration management|4.2.6 Application configuration management testing]] <br>
 
[[Testing for File extensions handling|4.2.6.1 File extensions handling                  ]]<br>
 
[[Testing for Old_file_testing|4.2.6.2 Old, backup and unreferenced files          ]]<br>
 
 
 
[[Testing for Business logic|'''4.3 Business logic testing''']] <br>
 
 
 
[[Testing for Authentication|'''4.4 Authentication Testing''']]  <br>
 
[[Testing for Default or Guessable User Account|4.4.1 Default or guessable (dictionary) user account]]<br>
 
[[Testing for Brute Force|4.4.2 Brute Force]]<br>
 
[[Testing for Bypassing Authentication Schema|4.4.3 Bypassing authentication schema]]<br>
 
[[Testing for Directory Traversal|4.4.4 Directory traversal/file include]] <br>
 
[[Testing for Vulnerable Remember Password and Pwd Reset|4.4.5 Vulnerable remember password and pwd reset]]<br>
 
[[Testing for Logout and Browser Cache Management|4.4.6 Logout and Browser Cache Management Testing]]<br>
 
 
 
[[Session Management Testing AoC|'''4.5 Session Management Testing''']] <br>
 
[[ Analysis_of_the_Session_Management_Schema_AoC|4.5.1 Analysis of the Session Management Schema]] <br>
 
[[ Cookie and Session Token Manipulation AoC|4.5.2 Cookie and Session Token Manipulation]]<br>
 
[[ Exposed Session Variables AoC|4.5.3 Exposed Session Variables ]]<br>
 
[[ Session Riding AoC|4.5.4 Session Riding ]]<br>
 
[[ HTTP Exploit AoC|4.5.5 HTTP Exploit ]]<br>
 
 
 
[[Data Validation Testing AoC|'''4.6 Data Validation Testing''']] <br>
 
[[Cross site scripting AoC|4.6.1 Cross Site Scripting]]<br>
 
[[HTTP Methods and XST AoC|4.6.1.1 HTTP Methods and XST ]]<br>
 
[[Testing for SQL Injection|4.6.2 SQL Injection ]]<br>
 
[[Oracle Testing AoC|4.6.2.1 Oracle Testing ]]<br>
 
[[MySQL Testing AoC|4.6.2.2 MySQL Testing ]]<br>
 
[[SQL Server Testing AoC|4.6.2.3 SQL Server Testing ]]<br>
 
 
 
[[LDAP Injection Testing AoC|4.6.3 LDAP Injection]]<br>
 
[[ORM Injection Testing AoC|4.6.4 ORM Injection]]<br>
 
[[XML Injection Testing AoC|4.6.5 XML Injection]]<br>
 
[[SSI Injection Testing AoC|4.6.6 SSI Injection]]<br>
 
[[XPath Injection Testing AoC|4.6.7 XPath Injection]]<br>
 
[[IMAP/SMTP Injection Testing AoC|4.6.8 IMAP/SMTP Injection]]<br>
 
[[Code Injection Testing AoC|4.6.9 Code Injection]]<br>
 
[[OS Commanding Testing AoC|4.6.10 OS Commanding]]<br>
 
 
 
[[Buffer Overflow Testing AoC|4.6.11 Buffer overflow Testing ]]<br>
 
[[Heap Overflow Testing AoC|4.6.11.1 Heap overflow ]]<br>
 
[[Stack Overflow Testing AoC|4.6.11.2 Stack overflow ]]<br>
 
[[Format String Testing AoC|4.6.11.3 Format string ]]<br>
 
 
 
[[Incubated Vulnerability Testing AoC|4.6.12 Incubated vulnerability testing]] <br>
 
 
 
[[Denial of Service Testing AoC|'''4.7 Denial of Service Testing''']] <br>
 
[[DoS Testing: Locking Customer Accounts|4.7.1 Locking Customer Accounts]]<br>
 
[[DoS Testing: Buffer Overflows|4.7.2 Buffer Overflows]] <br>
 
[[DoS Testing: User Specified Object Allocation|4.7.3 User Specified Object Allocation]] <br>
 
[[DoS Testing: User Input as a Loop Counter|4.7.4 User Input as a Loop Counter]] <br>
 
[[DoS Testing: Writing User Provided Data to Disk|4.7.5 Writing User Provided Data to Disk]]<br>
 
[[DoS Testing: Failure to Release Resources|4.7.6 Failure to Release Resources]] <br>
 
[[DoS Testing: Storing too Much Data in Session|4.7.7 Storing too Much Data in Session]]<br>
 
 
 
[[Web Services Testing AoC|'''4.8 Web Services Testing''']] <br>
 
[[XML Structural Testing AoC|4.8.1 XML Structural Testing ]]<br>
 
[[XML Content-Level Testing AoC|4.8.2 XML Content-level Testing ]]<br>
 
[[WS HTTP GET parameters/REST attacks AoC|4.8.3 HTTP GET parameters/REST Testing ]]<br>
 
[[Naughty SOAP attachments AoC|4.8.4 Naughty SOAP attachments ]]<br>
 
[[WS Replay Testing|4.8.5 Replay Testing ]]<br>
 
 
 
[[Testing_for_AJAX:_introduction|'''4.9 AJAX Testing''']] <br>
 
[[Testing for AJAX Vulnerabilities|4.9.1 AJAX Vulnerabilities ]]<br>
 
[[Testing for AJAX|4.9.2 How to test AJAX ]]<br>
 
 
 
==[[Writing Reports: value the real risk AoC |5. Writing Reports: value the real risk ]]==
 
[[How to value the real risk AoC|5.1 How to value the real risk]] <br>
 
[[How to write the report of the testing AoC|5.2 How to write the report of the testing]]<br>
 
 
 
==[[Appendix A: Testing Tools |Appendix A: Testing Tools ]]==
 
* Black Box Testing Tools
 
* Source Code Analyzers
 
* Other Tools
 
 
 
==[[OWASP Testing Guide Appendix B: Suggested Reading | Appendix B: Suggested Reading]]==
 
* Whitepapers<br>
 
* Books<br>
 
* Useful Websites<br>
 
 
 
==[[OWASP Testing Guide Appendix C: Fuzz Vectors | Appendix C: Fuzz Vectors]]==
 
 
 
* Fuzz Categories
 
** Recursive fuzzing
 
** Replasive fuzzing
 
* Cross Site Scripting (XSS)
 
* Buffer Overflows and Format String Errors
 
** Buffer Overflows (BFO)
 
** Format String Errors (FSE)
 
** Integer Overflows (INT)
 
* SQL Injection
 
** Passive SQL Injection (SQP)
 
** Active SQL Injection (SQI)
 
* LDAP Injection
 
* XPATH Injection
 
 
 
 
 
<br>
 
 
 
{{Category:OWASP Testing Project AoC}}
 

Latest revision as of 17:07, 1 August 2013


Please go here for the last release of the OWASP Testing Guide.

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Testing_Guide_v2_Table_of_Contents&oldid=156347"