This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Testing Checklist"

From OWASP
Jump to: navigation, search
(Converted 'Information Gathering' to use wiki table style (initial))
 
(5 intermediate revisions by 4 users not shown)
Line 3: Line 3:
 
The following is the list of controls to test during the assessment:
 
The following is the list of controls to test during the assessment:
  
{|
+
{| {{table}}
|colspan="4" style="text-align:center; font-weight: bold;"| Information Gathering
+
| align="center" style="background:#f0f0f0;"|'''Ref. No.'''
 +
| align="center" style="background:#f0f0f0;"|'''Category'''
 +
| align="center" style="background:#f0f0f0;"|'''Test Name'''
 
|-
 
|-
! Category !!  Ref. Number !!  Test Name !!  Vulnerability
+
| ||||
 
|-
 
|-
| OWASP-IG-001 || 4.2.1 || Spiders, Robots and Crawlers            || N.A.
+
| 4.2||||'''Information Gathering'''
 
|-
 
|-
| OWASP-IG-002 || 4.2.2 || Search Engine Discovery/Reconnaissance || N.A.
+
| 4.2.1||OTG-INFO-001||Conduct Search Engine Discovery and Reconnaissance for Information Leakage
 
|-
 
|-
| OWASP-IG-003 || 4.2.3 || Identify application entry points      || N.A.
+
| 4.2.2||OTG-INFO-002||Fingerprint Web Server
 
|-
 
|-
| OWASP-IG-004 || 4.2.4 || Testing for Web Application Fingerprint || N.A.
+
| 4.2.3||OTG-INFO-003||Review Webserver Metafiles for Information Leakage
 
|-
 
|-
| OWASP-IG-005 || 4.2.5 || Application Discovery                  || N.A.
+
| 4.2.4||OTG-INFO-004||Enumerate Applications on Webserver
 
|-
 
|-
| OWASP-IG-006 || 4.2.6 || Analysis of Error Codes                 || Information Disclosure
+
| 4.2.5||OTG-INFO-005||Review Webpage Comments and Metadata for Information Leakage
 +
|-
 +
| 4.2.6||OTG-INFO-006||Identify application entry points
 +
|-
 +
| 4.2.7||OTG-INFO-007||Map execution paths through application
 +
|-
 +
| 4.2.8||OTG-INFO-008||Fingerprint Web Application Framework
 +
|-
 +
| 4.2.9||OTG-INFO-009||Fingerprint Web Application
 +
|-
 +
| 4.2.10||OTG-INFO-010||Map Application Architecture
 +
|-
 +
| ||||
 +
|-
 +
| 4.3||||'''Configuration and Deploy Management Testing'''
 +
|-
 +
| 4.3.1||OTG-CONFIG-001||Test Network/Infrastructure Configuration
 +
|-
 +
| 4.3.2||OTG-CONFIG-002 ||Test Application Platform Configuration
 +
|-
 +
| 4.3.3||OTG-CONFIG-003||Test File Extensions Handling for Sensitive Information
 +
|-
 +
| 4.3.4||OTG-CONFIG-004|| Backup and Unreferenced Files for Sensitive Information
 +
|-
 +
| 4.3.5||OTG-CONFIG-005||Enumerate Infrastructure and Application Admin Interfaces
 +
|-
 +
| 4.3.6||OTG-CONFIG-006||Test HTTP Methods
 +
|-
 +
| 4.3.7||OTG-CONFIG-007||Test HTTP Strict Transport Security
 +
|-
 +
| 4.3.8||OTG-CONFIG-008||Test RIA cross domain policy
 +
|-
 +
| ||||
 +
|-
 +
| 4.4||||'''Identity Management Testing'''
 +
|-
 +
| 4.4.1||OTG-IDENT-001||Test Role Definitions
 +
|-
 +
| 4.4.2||OTG-IDENT-002||Test User Registration Process
 +
|-
 +
| 4.4.3||OTG-IDENT-003||Test Account Provisioning Process
 +
|-
 +
| 4.4.4||OTG-IDENT-004||Testing for Account Enumeration and Guessable User Account
 +
|-
 +
| 4.4.5||OTG-IDENT-005||Testing for Weak or unenforced username policy
 +
|-
 +
| 4.4.6||OTG-IDENT-006||Test Permissions of Guest/Training Accounts
 +
|-
 +
| 4.4.7||OTG-IDENT-007||Test Account Suspension/Resumption Process
 +
|-
 +
| ||||
 +
|-
 +
| 4.5||||'''Authentication Testing'''
 +
|-
 +
| 4.5.1||OTG-AUTHN-001||Testing for Credentials Transported over an Encrypted Channel
 +
|-
 +
| 4.5.2||OTG-AUTHN-002||Testing for default credentials
 +
|-
 +
| 4.5.3||OTG-AUTHN-003||Testing for Weak lock out mechanism
 +
|-
 +
| 4.5.4||OTG-AUTHN-004||Testing for bypassing authentication schema
 +
|-
 +
| 4.5.5||OTG-AUTHN-005||Test remember password functionality
 +
|-
 +
| 4.5.6||OTG-AUTHN-006||Testing for Browser cache weakness
 +
|-
 +
| 4.5.7||OTG-AUTHN-007||Testing for Weak password policy
 +
|-
 +
| 4.5.8||OTG-AUTHN-008||Testing for Weak security question/answer
 +
|-
 +
| 4.5.9||OTG-AUTHN-009||Testing for weak password change or reset functionalities
 +
|-
 +
| 4.5.10||OTG-AUTHN-010||Testing for Weaker authentication in alternative channel
 +
|-
 +
| ||||
 +
|-
 +
| 4.6||||'''Authorization Testing'''
 +
|-
 +
| 4.6.1||OTG-AUTHZ-001||Testing Directory traversal/file include
 +
|-
 +
| 4.6.2||OTG-AUTHZ-002||Testing for bypassing authorization schema
 +
|-
 +
| 4.6.3||OTG-AUTHZ-003||Testing for Privilege Escalation
 +
|-
 +
| 4.6.4||OTG-AUTHZ-004||Testing for Insecure Direct Object References
 +
|-
 +
| ||||
 +
|-
 +
| 4.7||||'''Session Management Testing'''
 +
|-
 +
| 4.7.1||OTG-SESS-001 ||Testing for Bypassing Session Management Schema
 +
|-
 +
| 4.7.2||OTG-SESS-002 ||Testing for Cookies attributes
 +
|-
 +
| 4.7.3||OTG-SESS-003 ||Testing for Session Fixation
 +
|-
 +
| 4.7.4||OTG-SESS-004 ||Testing for Exposed Session Variables
 +
|-
 +
| 4.7.5||OTG-SESS-005 ||Testing for Cross Site Request Forgery
 +
|-
 +
| 4.7.6||OTG-SESS-006 ||Testing for logout functionality
 +
|-
 +
| 4.7.7||OTG-SESS-007 ||Test Session Timeout
 +
|-
 +
| 4.7.8||OTG-SESS-008 ||Testing for Session puzzling
 +
|-
 +
| ||||
 +
|-
 +
| 4.8||||'''Data Validation Testing'''
 +
|-
 +
| 4.8.1||OTG-INPVAL-001||Testing for Reflected Cross Site Scripting
 +
|-
 +
| 4.8.2||OTG-INPVAL-002||Testing for Stored Cross Site Scripting
 +
|-
 +
| 4.8.3||OTG-INPVAL-003 ||Testing for HTTP Verb Tampering
 +
|-
 +
| 4.8.4||OTG-INPVAL-004||Testing for HTTP Parameter pollution
 +
|-
 +
| 4.8.5||OTG-INPVAL-005||Testing for SQL Injection
 +
|-
 +
| 4.8.5.1||||Oracle Testing
 +
|-
 +
| 4.8.5.2||||MySQL Testing
 +
|-
 +
| 4.8.5.3||||SQL Server Testing
 +
|-
 +
| 4.8.5.4||||Testing PostgreSQL
 +
|-
 +
| 4.8.5.5||||MS Access Testing
 +
|-
 +
| 4.8.5.6||||Testing for NoSQL injection
 +
|-
 +
| 4.8.6||OTG-INPVAL-006||Testing for LDAP Injection
 +
|-
 +
| 4.8.7||OTG-INPVAL-007||Testing for ORM Injection
 +
|-
 +
| 4.8.8||OTG-INPVAL-008||Testing for XML Injection
 +
|-
 +
| 4.8.9||OTG-INPVAL-009||Testing for SSI Injection
 +
|-
 +
| 4.8.10||OTG-INPVAL-010||Testing for XPath Injection
 +
|-
 +
| 4.8.11||OTG-INPVAL-011||IMAP/SMTP Injection
 +
|-
 +
| 4.8.12||OTG-INPVAL-012||Testing for Code Injection
 +
|-
 +
| 4.8.12.1||||Testing for Local File Inclusion
 +
|-
 +
| 4.8.12.2||||Testing for Remote File Inclusion
 +
|-
 +
| 4.8.13||OTG-INPVAL-013||Testing for Command Injection
 +
|-
 +
| 4.8.14||OTG-INPVAL-014||Testing for Buffer overflow
 +
|-
 +
| 4.8.14.1||||Testing for Heap overflow
 +
|-
 +
| 4.8.14.2||||Testing for Stack overflow
 +
|-
 +
| 4.8.14.3||||Testing for Format string
 +
|-
 +
| 4.8.15||OTG-INPVAL-015||Testing for incubated vulnerabilities
 +
|-
 +
| 4.8.16||OTG-INPVAL-016||Testing for HTTP Splitting/Smuggling
 +
|-
 +
| ||||
 +
|-
 +
| 4.9||||'''Error Handling'''
 +
|-
 +
| 4.9.1||OTG-ERR-001||Analysis of Error Codes
 +
|-
 +
| 4.9.2||OTG-ERR-002||Analysis of Stack Traces
 +
|-
 +
| ||||
 +
|-
 +
| 4.10||||'''Cryptography'''
 +
|-
 +
| 4.10.1||OTG-CRYPST-001||Testing for Weak SSL/TSL Ciphers,  Insufficient Transport Layer Protection
 +
|-
 +
| 4.10.2||OTG-CRYPST-002||Testing for Padding Oracle
 +
|-
 +
| 4.10.3||OTG-CRYPST-003||Testing for Sensitive information sent via unencrypted channels
 +
|-
 +
| ||||
 +
|-
 +
| 4.11|| ||'''Business Logic Testing'''
 +
|-
 +
| 4.11.1||OTG-BUSLOGIC-001||Test Business Logic Data Validation
 +
|-
 +
| 4.11.2||OTG-BUSLOGIC-002||Test Ability to Forge Requests
 +
|-
 +
| 4.11.3||OTG-BUSLOGIC-003||Test Integrity Checks
 +
|-
 +
| 4.11.4||OTG-BUSLOGIC-004||Test for Process Timing
 +
|-
 +
| 4.11.5||OTG-BUSLOGIC-005||Test Number of Times a Function Can be Used Limits
 +
|-
 +
| 4.11.6||OTG-BUSLOGIC-006||Testing for the Circumvention of Work Flows
 +
|-
 +
| 4.11.7||OTG-BUSLOGIC-007||Test Defenses Against Application Mis-use
 +
|-
 +
| 4.11.8||OTG-BUSLOGIC-008||Test Upload of Unexpected File Types
 +
|-
 +
| 4.11.9||OTG-BUSLOGIC-009||Test Upload of Malicious Files
 +
|-
 +
| ||||
 +
|-
 +
| 4.12||||'''Client Side Testing'''
 +
|-
 +
| 4.12.1||OTG-CLIENT-001||Testing for DOM based Cross Site Scripting
 +
|-
 +
| 4.12.2||OTG-CLIENT-002||Testing for JavaScript Execution
 +
|-
 +
| 4.12.3||OTG-CLIENT-003||Testing for HTML Injection
 +
|-
 +
| 4.12.4||OTG-CLIENT-004 ||Testing for Client Side URL Redirect
 +
|-
 +
| 4.12.5||OTG-CLIENT-005||Testing for CSS Injection
 +
|-
 +
| 4.12.6||OTG-CLIENT-006||Testing for Client Side Resource Manipulation
 +
|-
 +
| 4.12.7||OTG-CLIENT-007||Test Cross Origin Resource Sharing
 +
|-
 +
| 4.12.8||OTG-CLIENT-008||Testing for Cross Site Flashing
 +
|-
 +
| 4.12.9||OTG-CLIENT-009||Testing for Clickjacking
 +
|-
 +
| 4.12.10||OTG-CLIENT-010||Testing WebSockets
 +
|-
 +
| 4.12.11||OTG-CLIENT-011||Test Web Messaging
 +
|-
 +
| 4.12.12||OTG-CLIENT-012||Test Local Storage
 +
|-
 +
|
 
|}
 
|}
 
'''Configuration Management Testing '''
 
 
OWASP-CM-001 - 4.3.1 SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity) - SSL Weakness
 
 
OWASP-CM-002 - 4.3.2 DB Listener Testing - DB Listener weak
 
 
OWASP-CM-003 - 4.3.3 Infrastructure Configuration Management Testing - Infrastructure Configuration management weakness
 
 
OWASP-CM-004 - 4.3.4 Application Configuration Management Testing - Application Configuration management weakness
 
 
OWASP-CM-005 - 4.3.5 Testing for File Extensions Handling - File extensions handling
 
 
OWASP-CM-006 - 4.3.6 Old, backup and unreferenced files - Old, backup and unreferenced files
 
 
OWASP-CM-007 - 4.3.7 Infrastructure and Application Admin Interfaces - Access to Admin interfaces
 
 
OWASP-CM-008 - 4.3.8 Testing for HTTP Methods and XST - HTTP Methods enabled, XST permitted, HTTP Verb
 
 
 
'''Authentication Testing '''
 
 
OWASP-AT-001 - 4.4.1 Credentials transport over an encrypted channel - Credentials transport over an encrypted channel
 
 
OWASP-AT-002 - 4.4.2 Testing for user enumeration - User enumeration
 
 
OWASP-AT-003 - 4.4.3 Testing for Guessable (Dictionary) User Account - Guessable user account
 
 
OWASP-AT-004 - 4.4.4 Brute Force Testing - Credentials Brute forcing
 
 
OWASP-AT-005 - 4.4.5 Testing for bypassing authentication schema - Bypassing authentication schema
 
 
OWASP-AT-006 - 4.4.6 Testing for vulnerable remember password and pwd reset - Vulnerable remember password, weak pwd reset
 
 
OWASP-AT-007 - 4.4.7 Testing for Logout and Browser Cache Management - - Logout function not properly implemented, browser
 
cache weakness
 
 
OWASP-AT-008 - 4.4.8 Testing for CAPTCHA  - Weak Captcha implementation
 
 
OWASP-AT-009 - 4.4.9 Testing Multiple Factors Authentication - Weak Multiple Factors Authentication
 
 
OWASP-AT-010 - 4.4.10 Testing for Race Conditions - Race Conditions vulnerability
 
 
 
'''Session Management '''
 
 
OWASP-SM-001 - 4.5.1 Testing for Session Management Schema - Bypassing Session Management Schema, Weak Session Token
 
 
OWASP-SM-002 - 4.5.2 Testing for Cookies attributes         - Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity
 
 
OWASP-SM-003    - 4.5.3 Testing for Session Fixation              - Session Fixation
 
 
OWASP-SM-004 - 4.5.4 Testing for Exposed Session Variables - Exposed sensitive session variables
 
 
OWASP-SM-005 - 4.5.5 Testing for CSRF                         - CSRF
 
 
 
'''Authorization Testing '''
 
 
OWASP-AZ-001 - 4.6.1 Testing for Path Traversal - Path Traversal
 
 
OWASP-AZ-002 - 4.6.2 Testing for bypassing authorization schema - Bypassing authorization schema
 
 
OWASP-AZ-003 - 4.6.3 Testing for Privilege Escalation - Privilege Escalation
 
 
 
'''Business logic testing '''
 
 
OWASP-BL-001 - 4.7 Testing for Business Logic - Bypassable business logic
 
 
 
'''Data Validation Testing '''
 
 
OWASP-DV-001 - 4.8.1 Testing for Reflected Cross Site Scripting - Reflected XSS
 
 
OWASP-DV-002 - 4.8.2 Testing for Stored Cross Site Scripting - Stored XSS
 
 
OWASP-DV-003 - 4.8.3 Testing for DOM based Cross Site Scripting - DOM XSS
 
 
OWASP-DV-004 - 4.8.4 Testing for Cross Site Flashing - Cross Site Flashing
 
 
OWASP-DV-005 - 4.8.5 SQL Injection - SQL Injection
 
 
OWASP-DV-006 - 4.8.6 LDAP Injection - LDAP Injection 
 
 
OWASP-DV-007 - 4.8.7 ORM Injection - ORM Injection
 
 
OWASP-DV-008 - 4.8.8 XML Injection - XML Injection
 
 
OWASP-DV-009 - 4.8.9 SSI Injection - SSI Injection
 
 
OWASP-DV-010 - 4.8.10 XPath Injection - XPath Injection
 
 
OWASP-DV-011 - 4.8.11 IMAP/SMTP Injection - IMAP/SMTP Injection
 
 
OWASP-DV-012 - 4.8.12 Code Injection - Code Injection
 
 
OWASP-DV-013 - 4.8.13 OS Commanding - OS Commanding
 
 
OWASP-DV-014 - 4.8.14 Buffer overflow - Buffer overflow
 
 
OWASP-DV-015 - 4.8.15 Incubated vulnerability - Incubated vulnerability
 
 
OWASP-DV-016 - 4.8.16 Testing for HTTP Splitting/Smuggling - HTTP Splitting, Smuggling
 
 
 
'''Denial of Service Testing '''
 
 
OWASP-DS-001    - 4.9.1 Testing for SQL Wildcard Attacks  - SQL Wildcard vulnerability
 
 
OWASP-DS-002 - 4.9.2 Locking Customer Accounts - Locking Customer Accounts
 
 
OWASP-DS-003    - 4.9.3 Testing for DoS Buffer Overflows - Buffer Overflows
 
 
OWASP-DS-004 - 4.9.4 User Specified Object Allocation - User Specified Object Allocation
 
 
OWASP-DS-005 - 4.9.5 User Input as a Loop Counter - User Input as a Loop Counter
 
 
OWASP-DS-006 - 4.9.6 Writing User Provided Data to Disk - Writing User Provided Data to Disk
 
 
OWASP-DS-007 - 4.9.7 Failure to Release Resources - Failure to Release Resources
 
 
OWASP-DS-008 - 4.9.8 Storing too Much Data in Session - Storing too Much Data in Session
 
 
 
'''Web Services Testing '''
 
 
OWASP-WS-001    - 4.10.1 WS Information Gathering - N.A.
 
 
OWASP-WS-002    - 4.10.2 Testing WSDL - WSDL Weakness
 
 
OWASP-WS-003 - 4.10.3 XML Structural Testing - Weak XML Structure
 
 
OWASP-WS-004 - 4.10.4 XML content-level Testing - XML content-level
 
 
OWASP-WS-005 - 4.10.5 HTTP GET parameters/REST Testing - WS HTTP GET parameters/REST
 
 
OWASP-WS-006 - 4.10.6 Naughty SOAP attachments - WS Naughty SOAP attachments
 
 
OWASP-WS-007 - 4.10.7 Replay Testing - WS Replay Testing
 
 
 
'''Ajax Testing '''
 
 
OWASP-AJ-001 - 4.11.1 AJAX Vulnerabilities - N.A.
 
 
OWASP-AJ-002 - 4.11.2 AJAX Testing - AJAX weakness
 

Latest revision as of 12:10, 8 August 2014

This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project


The following is the list of controls to test during the assessment:

Ref. No. Category Test Name
4.2 Information Gathering
4.2.1 OTG-INFO-001 Conduct Search Engine Discovery and Reconnaissance for Information Leakage
4.2.2 OTG-INFO-002 Fingerprint Web Server
4.2.3 OTG-INFO-003 Review Webserver Metafiles for Information Leakage
4.2.4 OTG-INFO-004 Enumerate Applications on Webserver
4.2.5 OTG-INFO-005 Review Webpage Comments and Metadata for Information Leakage
4.2.6 OTG-INFO-006 Identify application entry points
4.2.7 OTG-INFO-007 Map execution paths through application
4.2.8 OTG-INFO-008 Fingerprint Web Application Framework
4.2.9 OTG-INFO-009 Fingerprint Web Application
4.2.10 OTG-INFO-010 Map Application Architecture
4.3 Configuration and Deploy Management Testing
4.3.1 OTG-CONFIG-001 Test Network/Infrastructure Configuration
4.3.2 OTG-CONFIG-002 Test Application Platform Configuration
4.3.3 OTG-CONFIG-003 Test File Extensions Handling for Sensitive Information
4.3.4 OTG-CONFIG-004 Backup and Unreferenced Files for Sensitive Information
4.3.5 OTG-CONFIG-005 Enumerate Infrastructure and Application Admin Interfaces
4.3.6 OTG-CONFIG-006 Test HTTP Methods
4.3.7 OTG-CONFIG-007 Test HTTP Strict Transport Security
4.3.8 OTG-CONFIG-008 Test RIA cross domain policy
4.4 Identity Management Testing
4.4.1 OTG-IDENT-001 Test Role Definitions
4.4.2 OTG-IDENT-002 Test User Registration Process
4.4.3 OTG-IDENT-003 Test Account Provisioning Process
4.4.4 OTG-IDENT-004 Testing for Account Enumeration and Guessable User Account
4.4.5 OTG-IDENT-005 Testing for Weak or unenforced username policy
4.4.6 OTG-IDENT-006 Test Permissions of Guest/Training Accounts
4.4.7 OTG-IDENT-007 Test Account Suspension/Resumption Process
4.5 Authentication Testing
4.5.1 OTG-AUTHN-001 Testing for Credentials Transported over an Encrypted Channel
4.5.2 OTG-AUTHN-002 Testing for default credentials
4.5.3 OTG-AUTHN-003 Testing for Weak lock out mechanism
4.5.4 OTG-AUTHN-004 Testing for bypassing authentication schema
4.5.5 OTG-AUTHN-005 Test remember password functionality
4.5.6 OTG-AUTHN-006 Testing for Browser cache weakness
4.5.7 OTG-AUTHN-007 Testing for Weak password policy
4.5.8 OTG-AUTHN-008 Testing for Weak security question/answer
4.5.9 OTG-AUTHN-009 Testing for weak password change or reset functionalities
4.5.10 OTG-AUTHN-010 Testing for Weaker authentication in alternative channel
4.6 Authorization Testing
4.6.1 OTG-AUTHZ-001 Testing Directory traversal/file include
4.6.2 OTG-AUTHZ-002 Testing for bypassing authorization schema
4.6.3 OTG-AUTHZ-003 Testing for Privilege Escalation
4.6.4 OTG-AUTHZ-004 Testing for Insecure Direct Object References
4.7 Session Management Testing
4.7.1 OTG-SESS-001 Testing for Bypassing Session Management Schema
4.7.2 OTG-SESS-002 Testing for Cookies attributes
4.7.3 OTG-SESS-003 Testing for Session Fixation
4.7.4 OTG-SESS-004 Testing for Exposed Session Variables
4.7.5 OTG-SESS-005 Testing for Cross Site Request Forgery
4.7.6 OTG-SESS-006 Testing for logout functionality
4.7.7 OTG-SESS-007 Test Session Timeout
4.7.8 OTG-SESS-008 Testing for Session puzzling
4.8 Data Validation Testing
4.8.1 OTG-INPVAL-001 Testing for Reflected Cross Site Scripting
4.8.2 OTG-INPVAL-002 Testing for Stored Cross Site Scripting
4.8.3 OTG-INPVAL-003 Testing for HTTP Verb Tampering
4.8.4 OTG-INPVAL-004 Testing for HTTP Parameter pollution
4.8.5 OTG-INPVAL-005 Testing for SQL Injection
4.8.5.1 Oracle Testing
4.8.5.2 MySQL Testing
4.8.5.3 SQL Server Testing
4.8.5.4 Testing PostgreSQL
4.8.5.5 MS Access Testing
4.8.5.6 Testing for NoSQL injection
4.8.6 OTG-INPVAL-006 Testing for LDAP Injection
4.8.7 OTG-INPVAL-007 Testing for ORM Injection
4.8.8 OTG-INPVAL-008 Testing for XML Injection
4.8.9 OTG-INPVAL-009 Testing for SSI Injection
4.8.10 OTG-INPVAL-010 Testing for XPath Injection
4.8.11 OTG-INPVAL-011 IMAP/SMTP Injection
4.8.12 OTG-INPVAL-012 Testing for Code Injection
4.8.12.1 Testing for Local File Inclusion
4.8.12.2 Testing for Remote File Inclusion
4.8.13 OTG-INPVAL-013 Testing for Command Injection
4.8.14 OTG-INPVAL-014 Testing for Buffer overflow
4.8.14.1 Testing for Heap overflow
4.8.14.2 Testing for Stack overflow
4.8.14.3 Testing for Format string
4.8.15 OTG-INPVAL-015 Testing for incubated vulnerabilities
4.8.16 OTG-INPVAL-016 Testing for HTTP Splitting/Smuggling
4.9 Error Handling
4.9.1 OTG-ERR-001 Analysis of Error Codes
4.9.2 OTG-ERR-002 Analysis of Stack Traces
4.10 Cryptography
4.10.1 OTG-CRYPST-001 Testing for Weak SSL/TSL Ciphers, Insufficient Transport Layer Protection
4.10.2 OTG-CRYPST-002 Testing for Padding Oracle
4.10.3 OTG-CRYPST-003 Testing for Sensitive information sent via unencrypted channels
4.11 Business Logic Testing
4.11.1 OTG-BUSLOGIC-001 Test Business Logic Data Validation
4.11.2 OTG-BUSLOGIC-002 Test Ability to Forge Requests
4.11.3 OTG-BUSLOGIC-003 Test Integrity Checks
4.11.4 OTG-BUSLOGIC-004 Test for Process Timing
4.11.5 OTG-BUSLOGIC-005 Test Number of Times a Function Can be Used Limits
4.11.6 OTG-BUSLOGIC-006 Testing for the Circumvention of Work Flows
4.11.7 OTG-BUSLOGIC-007 Test Defenses Against Application Mis-use
4.11.8 OTG-BUSLOGIC-008 Test Upload of Unexpected File Types
4.11.9 OTG-BUSLOGIC-009 Test Upload of Malicious Files
4.12 Client Side Testing
4.12.1 OTG-CLIENT-001 Testing for DOM based Cross Site Scripting
4.12.2 OTG-CLIENT-002 Testing for JavaScript Execution
4.12.3 OTG-CLIENT-003 Testing for HTML Injection
4.12.4 OTG-CLIENT-004 Testing for Client Side URL Redirect
4.12.5 OTG-CLIENT-005 Testing for CSS Injection
4.12.6 OTG-CLIENT-006 Testing for Client Side Resource Manipulation
4.12.7 OTG-CLIENT-007 Test Cross Origin Resource Sharing
4.12.8 OTG-CLIENT-008 Testing for Cross Site Flashing
4.12.9 OTG-CLIENT-009 Testing for Clickjacking
4.12.10 OTG-CLIENT-010 Testing WebSockets
4.12.11 OTG-CLIENT-011 Test Web Messaging
4.12.12 OTG-CLIENT-012 Test Local Storage