Difference between revisions of "OWASP Testing Guide v3 Table of Contents"

Fuzz Categories
- Recursive fuzzing
- Replasive fuzzing
Cross Site Scripting (XSS)
Buffer Overflows and Format String Errors
- Buffer Overflows (BFO)
- Format String Errors (FSE)
- Integer Overflows (INT)
SQL Injection
- Passive SQL Injection (SQP)
- Active SQL Injection (SQI)
LDAP Injection
XPATH Injection

Appendix D: Encoded Injection

Difference between revisions of "OWASP Testing Guide v3 Table of Contents"

Latest revision as of 22:59, 17 September 2013

Foreword by Eoin Keary - Global Board

1. Frontispiece

2. Introduction

3. The OWASP Testing Framework

4. Web Application Penetration Testing

5. Writing Reports: value the real risk

Appendix A: Testing Tools

Appendix B: Suggested Reading

Appendix C: Fuzz Vectors

Appendix D: Encoded Injection

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 1: / Line 1: @@
+{{OWASP Breakers}}
 __NOTOC__
-This is the draft of table of content of the New Testing Guide.
+This is the table of content of the New Testing Guide v3.<br>
-You can download the stable version [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_pdf.zip here] or read it on line [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents here]
+You can download the stable version [http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf here] <br>
-Back to the OWASP Testing Guide:
+Back to the OWASP Testing Guide Project:
 http://www.owasp.org/index.php/OWASP_Testing_Project
- Testing Guide v3 (draft 16th June 2008)
+Updated: 2nd November 2008
- Updated: 12nd August 2008
- (new)--> new articles, (toimp)--> needs to improve or to review, (xxx%) --> current state of the article
 '''T A B L E    o f    C O N T E N T S'''
 ----
-==[[Testing Guide Foreword|(toimp)Foreword by OWASP Chair]]==
+==[[Testing Guide Foreword|Foreword by Eoin Keary - Global Board]]==
-==[[Testing Guide Frontispiece |(toimp: M.Meucci)1. Frontispiece]]==
+==[[Testing Guide Frontispiece |1. Frontispiece]]==
-'''[[Testing Guide Frontispiece|(toimp: M.Meucci)1.1 About the OWASP Testing Guide Project]]'''
+'''[[Testing Guide Frontispiece|1.1 About the OWASP Testing Guide Project]]'''
 '''[[About The Open Web Application Security Project|1.2 About The Open Web Application Security Project]]'''
@@ Line 31: / Line 30: @@
 '''2.3 Testing Techniques Explained'''
-(new: M. Morana 90%) 2.4 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Security_Requirements_Test_Derivation Security requirements test derivation],[https://www.owasp.org/index.php/Testing_Guide_Introduction#Functional_and_Non_Functional_Test_Requirements functional and non functional test requirements], and [https://www.owasp.org/index.php/Testing_Guide_Introduction#Test_Cases_Through_Use_and_Misuse_Cases test cases through use and misuse cases]
+.4 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Security_Requirements_Test_Derivation Security requirements test derivation],[https://www.owasp.org/index.php/Testing_Guide_Introduction#Functional_and_Non_Functional_Test_Requirements functional and non functional test requirements], and [https://www.owasp.org/index.php/Testing_Guide_Introduction#Test_Cases_Through_Use_and_Misuse_Cases test cases through use and misuse cases]
-(new: M. Morana 100%) 2.4.1 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Security_Tests_Integrated_in_Developers_and_Testers_Workflow Security tests integrated in developers and testers workflows]
+.4.1 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Security_Tests_Integrated_in_Developers_and_Testers_Workflow Security tests integrated in developers and testers workflows]
-(new: M. Morana 100%) 2.4.2 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Developers.27_Security_Tests Developers' security tests: unit tests and component level tests]
+.4.2 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Developers.27_Security_Tests Developers' security tests: unit tests and component level tests]
-(new: M. Morana 90%) 2.4.3 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Functional_Testers.27_Security_Tests Functional testers' security tests: integrated system tests, tests in UAT, and production environment]
+.4.3 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Functional_Testers.27_Security_Tests Functional testers' security tests: integrated system tests, tests in UAT, and production environment]
-(new: M. Morana 100%) 2.5 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Security_Test_Data_Analysis_and_Reporting Security test data analysis and reporting: root cause identification and business/role case test data reporting]
+.5 [https://www.owasp.org/index.php/Testing_Guide_Introduction#Security_Test_Data_Analysis_and_Reporting Security test data analysis and reporting: root cause identification and business/role case test data reporting]
 ==[[The OWASP Testing Framework|3. The OWASP Testing Framework]]==
@@ Line 57: / Line 56: @@
 '''3.7. A Typical SDLC Testing Workflow '''
-==[[Web Application Penetration Testing |4. (toimp:M.Meucci) Web Application Penetration Testing ]]==
+==[[Web Application Penetration Testing |4. Web Application Penetration Testing ]]==
 [[Testing: Introduction and objectives|'''4.1 Introduction and Objectives''']]
-[[Testing Checklist| (new: M.Meucci) 4.1.1 Testing Checklist]]
+[[Testing Checklist| 4.1.1 Testing Checklist]]
-[[Testing: Information Gathering|'''(toimp: B.Damele) 4.2 Information Gathering''']]
+[[Testing: Information Gathering|'''4.2 Information Gathering''']]
-[[Testing: Spiders Robots and Crawlers|(new:C.Heinrich)4.2.1 Spiders, Robots and Crawlers]]
+[[Testing: Spiders, Robots, and Crawlers (OWASP-IG-001)|4.2.1 Spiders, Robots and Crawlers (OWASP-IG-001)]]
-[[Testing: Search engine discovery|(new:C.Heinrich)4.2.2 Search Engine Discovery/Reconnaissance]]
+[[Testing: Search engine discovery/reconnaissance (OWASP-IG-002)|4.2.2 Search Engine Discovery/Reconnaissance (OWASP-IG-002)]]
-[[Testing: Identify application entry points| (new: K.Horvath - 95%) 4.2.3 Identify application entry points]]
+[[Testing: Identify application entry points (OWASP-IG-003)|4.2.3 Identify application entry points (OWASP-IG-003)]]
-[[Testing for Web Application Fingerprint|4.2.4 (toimp) Testing for Web Application Fingerprint]]
+[[Testing for Web Application Fingerprint (OWASP-IG-004)|4.2.4 Testing for Web Application Fingerprint (OWASP-IG-004)]]
-[[Testing for Application Discovery|4.2.5 Application Discovery]]
+[[Testing for Application Discovery (OWASP-IG-005)|4.2.5 Application Discovery (OWASP-IG-005)]]
-[[Testing for Error Code|(toimp)4.2.6 Analysis of Error Codes]]
+[[Testing for Error Code (OWASP-IG-006)|4.2.6 Analysis of Error Codes (OWASP-IG-006)]]
-[[Testing for infrastructure configuration management|''' (new) 4.3 Configuration Management Testing''']]
+[[Testing for configuration management|'''4.3 Configuration Management Testing''']]
-[[Testing for SSL-TLS|(toimp) 4.3.1 SSL/TLS Testing (SSL Version, Alghoritms, Key lenght, Digital Cert. Validity]]
+[[Testing for SSL-TLS  (OWASP-CM-001)| 4.3.1 SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity) (OWASP-CM-001)]]<br>
-[[Testing for DB Listener|4.3.2 DB Listener Testing]]
+[[Testing for DB Listener  (OWASP-CM-002)|4.3.2 DB Listener Testing (OWASP-CM-002)]]
-[[Testing for application configuration management| (toimp) 4.3.3 Application Configuration Management Testing]]
+[[Testing for infrastructure configuration management (OWASP-CM-003)|4.3.3 Infrastructure Configuration Management Testing (OWASP-CM-003)]]
-[[Testing for misconfiguration| (new) 4.3.4 Testing for misconfiguration]]
+[[Testing for application configuration management (OWASP-CM-004)|4.3.4 Application Configuration Management Testing (OWASP-CM-004)]]
-[[Testing for file extensions handling|4.3.5 Testing for File Extensions Handling]]
+[[Testing for file extensions handling  (OWASP-CM-005)|4.3.5 Testing for File Extensions Handling  (OWASP-CM-005)]]
-[[Testing for old_file|4.3.6 Old, backup and unreferenced files]]
+[[Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)|4.3.6 Old, Backup and Unreferenced Files (OWASP-CM-006) ]]
-[[Testing for Admin Interfaces|(new) 4.3.7 Infrastructure and Application Admin Interfaces]]
+[[Testing for Admin Interfaces  (OWASP-CM-007)|4.3.7 Infrastructure and Application Admin Interfaces  (OWASP-CM-007)]]
-[[Testing for HTTP Methods and XST| 4.3.8 Testing for HTTP Methods and XST]]
+[[Testing for HTTP Methods and XST  (OWASP-CM-008)|4.3.8 Testing for HTTP Methods and Cross Site Tracing (XST)  (OWASP-CM-008)]]
-[[Testing for business logic|'''(toimp: K.Horvath - 90%) 4.4 Business Logic Testing''']]
+[[Testing for authentication|'''4.4 Authentication Testing''']]
-[[Testing for authentication|'''(toimp: M.Meucci) 4.5 Authentication Testing''']]
+[[Testing for credentials transport (OWASP-AT-001)|4.4.1 Credentials transport over an encrypted channel  (OWASP-AT-001)]]
-[[Testing for credentials transport|(new: G.Ingrosso - 80%) 4.5.1 Credentials transport over an encrypted channel]]
+[[Testing for user enumeration  (OWASP-AT-002)|4.4.2 Testing for user enumeration  (OWASP-AT-002)]]
-[[Testing for user enumeration|(new: M.Meucci - 70%) 4.5.2 Testing for user enumeration]]
+[[Testing for Default or Guessable User Account (OWASP-AT-003)|4.4.3 Testing for Guessable (Dictionary) User Account (OWASP-AT-003)]]
-[[Testing for Default or Guessable User Account|(to imp: K.Horvath - 95%) 4.5.3 Testing for Guessable (Dictionary) User Account]]
+[[Testing for Brute Force (OWASP-AT-004)|4.4.4 Brute Force Testing (OWASP-AT-004)]]
-[[Testing for Brute Force|4.5.4 Brute Force Testing]]
+[[Testing for Bypassing Authentication Schema (OWASP-AT-005)|4.4.5 Testing for bypassing authentication schema (OWASP-AT-005)]]
-[[Testing for Bypassing Authentication Schema|4.5.5 Testing for bypassing authentication schema]]
+[[Testing for Vulnerable Remember Password and Pwd Reset  (OWASP-AT-006)|4.4.6 Testing for vulnerable remember
+password and pwd reset  (OWASP-AT-006)]]
-[[Testing for Vulnerable Remember Password and Pwd Reset|4.5.7 Testing for vulnerable remember
+[[Testing for Logout and Browser Cache Management (OWASP-AT-007)|4.4.7 Testing for Logout and Browser Cache Management (OWASP-AT-007)]]
-password and pwd reset]]
-[[Testing for Logout and Browser Cache Management|4.5.8 Testing for Logout and Browser Cache Management Testing]]
+[[Testing for Captcha  (OWASP-AT-008)|4.4.8 Testing for CAPTCHA (OWASP-AT-008)]]
-[[Testing for Captcha|(new: P.Luptak) 4.5.9 Testing for CAPTCHA]]
+[[Testing Multiple Factors Authentication (OWASP-AT-009)|4.4.9 Testing Multiple Factors Authentication (OWASP-AT-009)]]
-[[Testing for Authorization|'''(new: M.Meucci - 90%) 4.6 Authorization testing''']]
+[[Testing for Race Conditions  (OWASP-AT-010)|4.4.10 Testing for Race Conditions  (OWASP-AT-010)]]
-[[Testing for Path Traversal|4.6.1 (100%) Testing for path traversal]]
+[[Testing for Session Management|'''4.5 Session Management Testing''']]
-[[Testing for Bypassing Authorization Schema|(new: M.Meucci)4.6.2 Testing for bypassing authorization schema]]
+[[Testing for Session_Management_Schema (OWASP-SM-001)|4.5.1 Testing for Session Management Schema (OWASP-SM-001)]]
-[[Testing for Privilege escalation|(new: Cecil Su, M.Meucci - 90%)4.6.3 Testing for Privilege Escalation]]
+[[Testing for cookies attributes  (OWASP-SM-002)|4.5.2 Testing for Cookies attributes  (OWASP-SM-002)]]
-[[Testing for Session Management|'''4.7 Session Management Testing''']]
+[[Testing for Session Fixation  (OWASP-SM-003)|4.5.3 Testing for Session Fixation  (OWASP-SM-003)]]
-[[Testing for Session_Management_Schema|4.7.1 Testing for Session Management Schema]]
+[[Testing for Exposed Session Variables  (OWASP-SM-004)|4.5.4 Testing for Exposed Session Variables   (OWASP-SM-004)]]
-[[Testing for Cookie and Session Token Manipulation|(new)4.7.2 Test the token strength (old 4.5.2 Testing for Cookie and Session Token Manipulation)]]
+[[Testing for CSRF  (OWASP-SM-005)|4.5.5 Testing for Cross Site Request Forgery (CSRF)  (OWASP-SM-005)]]
-[[Testing for cookies attributes| (new: K.Horvath - 100%) 4.7.3 Testing for Cookies attributes]]
+[[Testing for Authorization|'''4.6 Authorization Testing''']]
-[[Testing for Session Fixation| (new: M.Meucci) 4.7.4. Testing for Session Fixation]]
+[[Testing for Path Traversal  (OWASP-AZ-001)|4.6.1 Testing for path traversal  (OWASP-AZ-001)]]
-[[Testing for Exposed Session Variables|4.7.5 Testing for Exposed Session Variables ]]
+[[Testing for Bypassing Authorization Schema  (OWASP-AZ-002)|4.6.2 Testing for bypassing authorization schema  (OWASP-AZ-002)]]
-[[Testing for CSRF|4.7.6 Testing for CSRF]]
+[[Testing for Privilege escalation  (OWASP-AZ-003)|4.6.3 Testing for Privilege Escalation  (OWASP-AZ-003)]]
-[[Testing for HTTP Exploit|4.7.7 Testing for HTTP Exploit ]]
+[[Testing for business logic   (OWASP-BL-001)|'''4.7 Business Logic Testing  (OWASP-BL-001)''']]
 [[Testing for Data Validation|'''4.8 Data Validation Testing''']]
-[[Testing for Reflected Cross site scripting|(new: A. Coronel)4.8.1 Testing for Reflected Cross Site Scripting]]
+[[Testing for Reflected Cross site scripting (OWASP-DV-001) |4.8.1 Testing for Reflected Cross Site Scripting (OWASP-DV-001) ]]
-[[Testing for Stored Cross site scripting|(new: R. Suggi Liverani - 100%)4.8.2 Testing for Stored Cross Site Scripting]]
+[[Testing for Stored Cross site scripting (OWASP-DV-002) |4.8.2 Testing for Stored Cross Site Scripting (OWASP-DV-002) ]]
-[[Testing for DOM-based Cross site scripting|(new: A.Agarwwal, Kuza55) 4.8.3 Testing for DOM based Cross Site Scripting]]
+[[Testing for DOM-based Cross site scripting  (OWASP-DV-003)|4.8.3 Testing for DOM based Cross Site Scripting  (OWASP-DV-003)]]
-[[Testing for Cross site flashing|(new: A.Agarwwal)4.8.4 Testing for Cross Site Flashing]]
+[[Testing for Cross site flashing   (OWASP-DV-004)|4.8.4 Testing for Cross Site Flashing   (OWASP-DV-004)]]
-[[Testing for SQL Injection| (toimp: B.Damele) 4.8.5 Testing for SQL Injection ]]
+[[Testing for SQL Injection (OWASP-DV-005)| 4.8.5 Testing for SQL Injection (OWASP-DV-005)]]
-[[Testing for Oracle|4.8.5.1 Oracle Testing ]]
+[[Testing for Oracle|4.8.5.1 Oracle Testing]]
-[[Testing for MySQL|4.8.5.2 MySQL Testing ]]
+[[Testing for MySQL|4.8.5.2 MySQL Testing]]
 [[Testing for SQL Server|4.8.5.3 SQL Server Testing]]
-[[Testing for PostgreSQL|4.8.5.4 (new: D.Bellucci from OWASP BSP) Testing PostgreSQL]]
+[[Testing for MS Access |4.8.5.4 MS Access Testing]]
-[[Testing for LDAP Injection|4.8.6 Testing for LDAP Injection]]
+[[OWASP_Backend_Security_Project_Testing_PostgreSQL|4.8.5.5 Testing PostgreSQL (from OWASP BSP) ]]
-[[Testing for ORM Injection|4.8.7 Testing for ORM Injection]]
+[[Testing for LDAP Injection  (OWASP-DV-006)|4.8.6 Testing for LDAP Injection  (OWASP-DV-006)]]
-[[Testing for XML Injection|4.8.8 Testing for XML Injection]]
+[[Testing for ORM Injection   (OWASP-DV-007)|4.8.7 Testing for ORM Injection   (OWASP-DV-007)]]
-[[Testing for SSI Injection|4.8.9 Testing for SSI Injection]]
+[[Testing for XML Injection (OWASP-DV-008)|4.8.8 Testing for XML Injection (OWASP-DV-008)]]
-[[Testing for XPath Injection|4.8.10 Testing for XPath Injection]]
+[[Testing for SSI Injection  (OWASP-DV-009)|4.8.9 Testing for SSI Injection  (OWASP-DV-009)]]
-[[Testing for IMAP/SMTP Injection|4.8.11 IMAP/SMTP Injection]]
+[[Testing for XPath Injection  (OWASP-DV-010)|4.8.10 Testing for XPath Injection  (OWASP-DV-010)]]
-[[Testing for Code Injection|4.8.12 Testing for Code Injection]]
+[[Testing for IMAP/SMTP Injection  (OWASP-DV-011)|4.8.11 IMAP/SMTP Injection  (OWASP-DV-011)]]
-[[Testing for Command Injection|4.8.13 Testing for Command Injection]]
+[[Testing for Code Injection  (OWASP-DV-012)|4.8.12 Testing for Code Injection  (OWASP-DV-012)]]
-[[Testing for Buffer Overflow|4.8.14 Testing for Buffer overflow]]
+[[Testing for Command Injection   (OWASP-DV-013)|4.8.13 Testing for Command Injection   (OWASP-DV-013)]]
+[[Testing for Buffer Overflow (OWASP-DV-014)|4.8.14 Testing for Buffer overflow (OWASP-DV-014)]]
 [[Testing for Heap Overflow|4.8.14.1 Testing for Heap overflow]]
@@ Line 184: / Line 185: @@
 [[Testing for Format String|4.8.14.3 Testing for Format string]]
-[[Testing for Incubated Vulnerability|4.8.15 Testing for incubated vulnerabilities]]
+[[Testing for Incubated Vulnerability (OWASP-DV-015)|4.8.15 Testing for incubated vulnerabilities (OWASP-DV-015)]]
+[[Testing for HTTP Splitting/Smuggling  (OWASP-DV-016)|4.8.16 Testing for HTTP Splitting/Smuggling  (OWASP-DV-016) ]]
 [[Testing for Denial of Service|'''4.9 Testing for Denial of Service''']]
-[[Testing for SQL Wildcard Attacks|(new: F.Mavituna - 100%) 4.9.1 Testing for SQL Wildcard Attacks]]
+[[Testing for SQL Wildcard Attacks  (OWASP-DS-001)|4.9.1 Testing for SQL Wildcard Attacks  (OWASP-DS-001)]]
-[[Testing for DoS Locking Customer Accounts|4.9.2 Testing for DoS Locking Customer Accounts]]
+[[Testing for DoS Locking Customer Accounts  (OWASP-DS-002)|4.9.2 Testing for DoS Locking Customer Accounts (OWASP-DS-002)]]
-[[Testing for DoS Buffer Overflows|4.9.3 Testing for DoS Buffer Overflows]]
+[[Testing for DoS Buffer Overflows (OWASP-DS-003)|4.9.3 Testing for DoS Buffer Overflows (OWASP-DS-003)]]
-[[Testing for DoS User Specified Object Allocation|4.9.4 Testing for DoS User Specified Object Allocation]]
+[[Testing for DoS User Specified Object Allocation (OWASP-DS-004)|4.9.4 Testing for DoS User Specified Object Allocation (OWASP-DS-004)]]
-[[Testing for User Input as a Loop Counter|4.9.5 Testing for User Input as a Loop Counter]]
+[[Testing for User Input as a Loop Counter  (OWASP-DS-005)|4.9.5 Testing for User Input as a Loop Counter  (OWASP-DS-005)]]
-[[Testing for Writing User Provided Data to Disk|4.9.6 Testing for Writing User Provided Data to Disk]]
+[[Testing for Writing User Provided Data to Disk   (OWASP-DS-006)|4.9.6 Testing for Writing User Provided Data to Disk  (OWASP-DS-006)]]
-[[Testing for DoS Failure to Release Resources|4.9.7 Testing for DoS Failure to Release Resources]]
+[[Testing for DoS Failure to Release Resources (OWASP-DS-007)|4.9.7 Testing for DoS Failure to Release Resources (OWASP-DS-007)]]
-[[Testing for Storing too Much Data in Session|4.9.8 Testing for Storing too Much Data in Session]]
+[[Testing for Storing too Much Data in Session (OWASP-DS-008)|4.9.8 Testing for Storing too Much Data in Session  (OWASP-DS-008)]]
-[[Testing for Web Services|(toimp: D.Wichers) '''4.10 Web Services Testing''']]
+[[Testing for Web Services|'''4.10 Web Services Testing''']]
-[[Testing for XML Structural|4.10.1 XML Structural Testing]]
+[[Testing: WS Information Gathering  (OWASP-WS-001)|4.10.1 WS Information Gathering  (OWASP-WS-001)]]
-[[Testing for XML Content-Level|4.10.2 XML Content-level Testing]]
+[[Testing WSDL   (OWASP-WS-002)|4.10.2 Testing WSDL   (OWASP-WS-002)]]
-[[Testing for WS HTTP GET parameters/REST attacks|4.10.3 HTTP GET parameters/REST Testing ]]
+[[Testing for XML Structural  (OWASP-WS-003)|4.10.3 XML Structural Testing  (OWASP-WS-003) ]]
-[[Testing for Naughty SOAP Attachments|4.10.4 Testing for Naughty SOAP attachments]]
+[[Testing for XML Content-Level  (OWASP-WS-004)|4.10.4 XML Content-level Testing  (OWASP-WS-004)]]
-[[Testing for WS Replay|4.10.5 WS Replay Testing]]
+[[Testing for WS HTTP GET parameters/REST attacks  (OWASP-WS-005)|4.10.5 HTTP GET parameters/REST Testing  (OWASP-WS-005) ]]
-[[Client-Side Testing|(new: Pdp, O.Segal, S. Di Paola) '''4.11 Client side testing''']]
+[[Testing for Naughty SOAP Attachments   (OWASP-WS-006)|4.10.6 Naughty SOAP attachments   (OWASP-WS-006) ]]
-[[Testing for AJAX|(new) 4.11.1 AJAX Testing]]
+[[Testing for WS Replay   (OWASP-WS-007)|4.10.7 Replay Testing   (OWASP-WS-007) ]]
-[[Flash Testing|(new)4.11.2 Flash Testing]]
+[[Testing_for_AJAX:_introduction|'''4.11 AJAX Testing''']]
-[[RIA Testing|(new)4.11.3 RIA Testing]]
+[[Testing for AJAX Vulnerabilities (OWASP-AJ-001)|4.11.1 AJAX Vulnerabilities (OWASP-AJ-001)]]
+[[Testing for AJAX   (OWASP-AJ-002)|4.11.2 How to test AJAX   (OWASP-AJ-002)]]
+==[[Writing Reports: value the real risk |5. Writing Reports: value the real risk ]]==
-==[[Writing Reports: value the real risk |(toimp: Mat)5. Writing Reports: value the real risk ]]==
 [[How to value the real risk |5.1 How to value the real risk]]
@@ Line 237: / Line 240: @@
 * Source Code Analyzers
 * Other Tools
 ==[[OWASP Testing Guide Appendix B: Suggested Reading | Appendix B: Suggested Reading]]==
@@ Line 243: / Line 245: @@
 * Books
 * Useful Websites
 ==[[OWASP Testing Guide Appendix C: Fuzz Vectors | Appendix C: Fuzz Vectors]]==
@@ Line 261: / Line 262: @@
 * XPATH Injection
-==[[OWASP Testing Guide Appendix D: Encoded Injection | (new: Harish S.)Appendix D: Encoded Injection]]==
+==[[OWASP Testing Guide Appendix D: Encoded Injection | Appendix D: Encoded Injection]]==