This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Testing for Input Validation"
(→Data Validation Testing) |
Line 13: | Line 13: | ||
[[Listener Testing AoC|4.6.2.5 Listener attacks etc. 1521 1433 1527 ]]<br> | [[Listener Testing AoC|4.6.2.5 Listener attacks etc. 1521 1433 1527 ]]<br> | ||
[[Command Execution AoC|4.6.3 Command Execution ]]<br> | [[Command Execution AoC|4.6.3 Command Execution ]]<br> | ||
− | Orm injection 0% TD, ORM Injection, LDAP Injection, XML Injection, SSI Injection, XPath Injection, SQL Injection, IMAP/SMTP Injection, Code Injection, OS Commanding | + | Orm injection 0% TD, ORM Injection, LDAP Injection, XML Injection, SSI Injection, XPath Injection, SQL Injection, IMAP/SMTP Injection, Code Injection, OS Commanding<br> |
[[Buffer Overflow Testing AoC|4.6.4 Buffer overflow Testing ]]<br> | [[Buffer Overflow Testing AoC|4.6.4 Buffer overflow Testing ]]<br> | ||
[[Heap overflow testing AoC|4.6.4.1 Heap overflow ]]<br> | [[Heap overflow testing AoC|4.6.4.1 Heap overflow ]]<br> |
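Review bot: the changed line is still the only entry in this list without a wiki link or a section number, so the added `<br>` fixes the line break but leaves the entry inconsistent with its neighbours. It also opens with "Orm injection 0% TD" and then repeats "ORM Injection", and it lists "SQL Injection" even though the 4.6.2 entries already cover that topic. Suggest splitting it into numbered sub-entries under 4.6.3, each in the same `[[Page|Number Title]]<br>` form used by the surrounding lines, dropping the duplicate, and moving the "0% TD" fragment out of the outline.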
Revision as of 11:11, 12 October 2006
Data Validation Testing
4.6.1 Cross site scripting
4.6.1.1 Incubated attacks
4.6.1.2 Phishing (using JavaScript)
4.6.1.3 HTTP Methods + XSS (TRACE)
4.6.2 SQL Injection
4.6.2.1 Oracle, MySQL, SQL Server, Teradata
4.6.2.2 Extended stored procedures
4.6.2.3 Stored procedure injection
4.6.2.4 Oracle + SQL Server ports and attacks
4.6.2.5 Listener attacks etc. 1521 1433 1527
4.6.3 Command Execution
Orm injection 0% TD, ORM Injection, LDAP Injection, XML Injection, SSI Injection, XPath Injection, SQL Injection, IMAP/SMTP Injection, Code Injection, OS Commanding
4.6.4 Buffer overflow Testing
4.6.4.1 Heap overflow
4.6.4.2 Stack overflow
4.6.4.3 Format string