This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Client Side Testing

Revision as of 12:25, 5 August 2014 by Andrew Muller (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: Back to the OWASP Testing Guide Project:

4.12 Client-Side Testing

Client-Side testing is concerned with the execution of code on the client, typically natively within a web browser or browser plugin. The execution of code on the client-side is distinct from executing on the server and returning the subsequent content.

The following articles describe how to conduct a Client-Side test of a web application:

4.12.1 Testing for DOM based Cross Site Scripting (OTG-CLIENT-001)

4.12.2 Testing for JavaScript Execution (OTG-CLIENT-002)

4.12.3 Testing for HTML Injection (OTG-CLIENT-003)

4.12.4 Testing for Client Side URL Redirect (OTG-CLIENT-004)

4.12.5 Testing for CSS Injection (OTG-CLIENT-005)

4.12.6 Testing for Client Side Resource Manipulation (OTG-CLIENT-006)

4.12.7 Test Cross Origin Resource Sharing (OTG-CLIENT-007)

4.12.8 Testing for Cross Site Flashing (OTG-CLIENT-008)

4.12.9 Testing for Clickjacking (OTG-CLIENT-009)

4.12.10 Testing WebSockets (OTG-CLIENT-010)

4.12.11 Test Web Messaging (OTG-CLIENT-011)

4.12.12 Test Local Storage (OTG-CLIENT-012)