Difference between revisions of "Security Testing Cheat Sheet"
Bill Sempf (talk | contribs) (Created page with "== DRAFT CHEAT SHEET - WORK IN PROGRESS == == Introduction == This page intends to provide quick basic security tips for quality assurance specialists. The goal of the cheat...")
Bill Sempf (talk | contribs) (Set up headers.)
Line 13: | Line 13: | ||
Each major security surface in a web application has a known set of vulnerabilities that can be tested for using a set of test cases. | Each major security surface in a web application has a known set of vulnerabilities that can be tested for using a set of test cases. | ||
+ | |||
+ | === Injection === | ||
+ | |||
+ | === Authentication and Authorization === | ||
+ | |||
+ | === Session management === | ||
+ | |||
+ | === Configuration === | ||
+ | |||
+ | === Compliance === | ||
+ | |||
+ | ==== PCI ==== | ||
+ | |||
+ | ==== HIPPA ==== | ||
+ | |||
+ | === Handling data === | ||
+ | |||
+ | === Technology Specific Tests === | ||
+ | |||
+ | ==== PHP ==== | ||
+ | |||
+ | ==== Microsoft ==== | ||
+ | |||
+ | ==== Ruby on Rails ==== | ||
+ | |||
+ | ==== Adobe ==== | ||
+ | |||
+ | ==== Java ==== | ||
+ | |||
+ | ==== JavaScript Frameworks ==== | ||
+ | |||
+ | === Configuration === | ||
+ | |||
+ | === Cross Site Request Forgery === | ||
+ | |||
== Authors and Primary Editors == | == Authors and Primary Editors == |
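Review bot: the new heading `==== HIPPA ====` misspells the acronym; it should be `==== HIPAA ====` (Health Insurance Portability and Accountability Act). Also, `=== Configuration ===` is added twice in this hunk, once after `=== Session management ===` and again just before `=== Cross Site Request Forgery ===`; one of the two should be dropped or renamed so the two sections are distinguishable.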
Revision as of 03:27, 23 March 2013
== DRAFT CHEAT SHEET - WORK IN PROGRESS ==
== Introduction ==
This page intends to provide quick basic security tips for quality assurance specialists. The goal of the cheat sheet is to act as a starting point for a comprehensive QA test plan for the security of web applications.
== Testing Tools ==
Testing web applications is difficult without tools. The following tools are the common set QA professionals use to carry out all of the test cases in the security test plan.
- Zed Attack Proxy
- WebScarab
== Security Test Plan ==
Each major security surface in a web application has a known set of vulnerabilities that can be tested for using a set of test cases.
=== Injection ===
=== Authentication and Authorization ===
=== Session management ===
=== Configuration ===
=== Compliance ===
==== PCI ====
==== HIPAA ====
=== Handling data ===
=== Technology Specific Tests ===
==== PHP ====
==== Microsoft ====
==== Ruby on Rails ====
==== Adobe ====
==== Java ====
==== JavaScript Frameworks ====
=== Configuration ===
=== Cross Site Request Forgery ===
== Authors and Primary Editors ==
Bill Sempf - bill.sempf [at] owasp.org User:Bill Sempf
== Other Cheatsheets ==
OWASP Cheat Sheets Project Homepage