
Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Testing Guide - Index"

Line 10: Line 10:
 
 
 
1 Frontispiece
 
1 Frontispiece
   2.1 Copyright and License                                        100%       Review
+
   2.1 Copyright and License                                        100%     Review
   2.2 Endorsements                                             100% Review
+
   2.2 Endorsements                                             100%     Review
   2.3 Trademarks                                             100% Review
+
   2.3 Trademarks                                             100%     Review
  
 
2. Introduction
 
2. Introduction
   1. Performing An Application Security Review                      0%         TD
+
   1. Performing An Application Security Review                      0%       TD
   2. Principles of Testing                                          0%         TD
+
   2. Principles of Testing                                          0%       TD
   3. Testing Techniques Explained                                    0%         TD
+
   3. Testing Techniques Explained                                    0%       TD
  
 
3. Methodologies Used                                               Review
 
3. Methodologies Used                                               Review
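Review bot: the rows added under "1 Frontispiece" are numbered 2.1 through 2.3 while the heading itself is numbered 1, and the rows added under "2. Introduction" restart at 1., 2., 3.; now that each row carries a state and an action, the index would be easier to scan if the sub-numbering followed the heading, for example `1.1 Copyright and License`, `1.2 Endorsements`, `1.3 Trademarks`.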
Line 29: Line 29:
 
   3.8 Automated Vulnerability Scanning                               0% TD
 
   3.8 Automated Vulnerability Scanning                               0% TD
  
4. Finding Specific Issues In a Non-Technical Manner
+
4. Finding Specific Issues In a Non-Technical Manner               Review
   4.1. Threat Modeling Introduction
+
   4.1. Threat Modeling Introduction                               0% TD
   4.2. Design Reviews
+
   4.2. Design Reviews                                               0% TD
   4.3. Threat Modeling the Application
+
   4.3. Threat Modeling the Application                               0% TD
   4.4. Policy Reviews
+
   4.4. Policy Reviews                                               0% TD
   4.5. Requirements Analysis
+
   4.5. Requirements Analysis                                       0% TD
   4.6. Developer Interviews and Interaction  
+
   4.6. Developer Interviews and Interaction                       0% TD
  
 
5. Finding Specific Vulnerabilities Using Source Code Review
 
5. Finding Specific Vulnerabilities Using Source Code Review
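Review bot: the "4. Finding Specific Issues In a Non-Technical Manner" heading is given the action "Review" while all six subsections added beneath it are at "0% TD" (not yet assigned), so the heading's action should either be left empty until its paragraphs are assigned or the legend should say that Review on a heading refers to the structure only. The new 4.x rows also write "0% TD" with a single space, whereas the 3.8 row in this hunk and the 3.x rows above use a padded state column, so the columns no longer line up.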
Line 108: Line 108:
 
   6.10.2  How to test
 
   6.10.2  How to test
  
7. The OWASP Testing Framework
+
7. The OWASP Testing Framework                                       100%    Review
 
   7.1. Overview
 
   7.1. Overview
 
   7.2. Phase 1 — Before Development Begins
 
   7.2. Phase 1 — Before Development Begins
 
           * Phase 1A: Policies and Standards Review
 
           * Phase 1A: Policies and Standards Review
           * Phase 1B: Develop Measurement and Metrics Criteria (Ensure Traceability)  
+
           * Phase 1B: Develop Measurement and Metrics Criteria  
 +
            (Ensure Traceability)  
 
   7.3. Phase 2: During Definition and Design
 
   7.3. Phase 2: During Definition and Design
 
           * Phase 2A: Security Requirements Review
 
           * Phase 2A: Security Requirements Review
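Review bot: the Phase 1B entry is split over two added lines, leaving "(Ensure Traceability)" as an orphaned parenthetical on its own line, which breaks the one-entry-per-line layout the rest of section 7 uses; keep it on one line as the previous revision had it: `* Phase 1B: Develop Measurement and Metrics Criteria (Ensure Traceability)`.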
Line 131: Line 132:
 
           * Figure 3: Typical SDLC Testing Workflow.  
 
           * Figure 3: Typical SDLC Testing Workflow.  
  
Appendix A: Testing Tools
+
Appendix A: Testing Tools                                             95%    Review
 
   1. Source Code Analyzers
 
   1. Source Code Analyzers
 
           * Open Source / Freeware
 
           * Open Source / Freeware
Line 143: Line 144:
 
           * Requirements Management  
 
           * Requirements Management  
  
Appendix B: Suggested Reading
+
Appendix B: Suggested Reading                                         95%    Review
 
   1. Whitepapers
 
   1. Whitepapers
 
   2. Books
 
   2. Books
Line 150: Line 151:
 
   5. OWASP — http://www.owasp.org  
 
   5. OWASP — http://www.owasp.org  
  
Appendix C: Fuzz Vectors
+
Appendix C: Fuzz Vectors                                             95%    Review

Revision as of 13:42, 5 October 2006

Version 0.1 (October 4th)

Legend: Review = M. Meucci; TD = paragraph to be assigned


Paragraph_____________________________________________________|_State_|_Action_|_Author_

1 Frontispiece

  2.1 Copyright and License                                   100%    Review
  2.2 Endorsements                                            100%    Review
  2.3 Trademarks                                              100%    Review

2. Introduction

  1. Performing An Application Security Review                  0%    TD
  2. Principles of Testing                                      0%    TD
  3. Testing Techniques Explained                               0%    TD

3. Methodologies Used                                                 Review

  3.1 The goal                                                 90%    TD
  3.2 Overview of Approaches                                   90%    TD
  3.3 Security Requirements Review                              0%    TD
  3.4 Security Architecture Review                              0%    TD
  3.5 Code Review                                              90%    TD
  3.6 Automated Code Scanning                                   0%    TD
  3.7 Penetration Testing                                      90%    TD
  3.8 Automated Vulnerability Scanning                          0%    TD

4. Finding Specific Issues In a Non-Technical Manner                  Review

  4.1. Threat Modeling Introduction                             0%    TD
  4.2. Design Reviews                                           0%    TD
  4.3. Threat Modeling the Application                          0%    TD
  4.4. Policy Reviews                                           0%    TD
  4.5. Requirements Analysis                                    0%    TD
  4.6. Developer Interviews and Interaction                     0%    TD

5. Finding Specific Vulnerabilities Using Source Code Review

  5.1 For code review, see the OWASP Code Review Project

6. Manual testing techniques

  6.1 Introduction and objectives
  6.2 Business logic testing
  6.3 Authentication
  6.3.1 Default or guessable (dictionary) user account
  6.3.2 Brute Force
  6.3.3 Bypassing authentication schema
  6.3.4 Vulnerable remember password and password reset
  6.3.5 Logout and account expiry
  6.4 Session Management
  6.4.1 Cookie and Session token Manipulation (regeneration, forging/brute force)
  6.4.2 Weak session tokens
  6.4.3 Session Riding
  6.4.4 Exposed session variables
  6.4.5 HTTP Exploit
  6.5 Data Validation
  6.5.1 Cross site scripting
  6.5.1.1 Incubated attacks
  6.5.1.2 Phishing (using JavaScript)
  6.5.1.3 HTTP Methods + XSS (TRACE)
  6.5.2 SQL Injection
  6.5.2.1 Oracle, MySQL, SQL Server, Teradata
  6.5.2.2 Extended stored procedures
  6.5.2.3 Stored procedure injection
  6.5.2.4 Oracle and SQL Server ports and attacks
  6.5.2.5 Listener attacks (ports 1521, 1433, 1527)
  6.5.3 ORM injection
  6.5.4 LDAP injection
  6.5.5 XML injection
  6.5.6 Code injection
  6.6 Denial of Service
  6.6.1 Locking Customer Accounts
  6.6.2 Buffer Overflows
  6.6.3 User Specified Object Allocation
  6.6.4 User Input as a Loop Counter
  6.6.5 Writing User Provided Data to Disk
  6.6.6 Failure to Release Resources
  6.6.7 Storing too Much Data in Session
  6.7 Buffer overflow
  6.7.1 Heap overflow
  6.7.2 Stack overflow
  6.7.3 Format string
  6.8 Infrastructure and configuration
  6.8.1 Intro and objective
  6.8.2 Application configuration management testing
  6.8.3 Old, backup and unreferenced files
  6.8.4 File extensions handling
  6.8.5 Analysis of error codes
  6.8.6 SSL/TLS Testing: support of weak ciphers and certificate validity
  6.8.7 Testing defense from Automatic Attacks (maybe a duplicate)
  6.9 Web Services
  6.9.1 XML Structural Attacks
  6.9.2 XML content-level attacks
  6.9.3 HTTP GET parameters/REST attacks
  6.9.4 Naughty SOAP attachments
  6.9.5 Brute force attacks
  6.10 AJAX
  6.10.1 Vulnerabilities
  6.10.2 How to test

7. The OWASP Testing Framework                                100%    Review

  7.1. Overview
  7.2. Phase 1 — Before Development Begins
         * Phase 1A: Policies and Standards Review
         * Phase 1B: Develop Measurement and Metrics Criteria 
           (Ensure Traceability) 
  7.3. Phase 2: During Definition and Design
         * Phase 2A: Security Requirements Review
         * Phase 2B: Design an Architecture Review
         * Phase 2C: Create and Review UML Models
         * Phase 2D: Create and Review Threat Models 
  7.4. Phase 3: During Development
         * Phase 3A: Code Walkthroughs
         * Phase 3B: Code Reviews 
  7.5. Phase 4: During Deployment
         * Phase 4A: Application Penetration Testing
         * Phase 4B: Configuration Management Testing 
  7.6. Phase 5: Maintenance and Operations
         * Phase 5A: Conduct Operational Management Reviews
         * Phase 5B: Conduct Periodic Health Checks
         * Phase 5C: Ensure Change Verification 
  7.7. A Typical SDLC Testing Workflow
         * Figure 3: Typical SDLC Testing Workflow. 

Appendix A: Testing Tools                                      95%    Review

  1. Source Code Analyzers
         * Open Source / Freeware
         * Commercial 
  2. Black Box Scanners
         * Open Source
         * Commercial 
  3. Other Tools
         * Runtime Analysis
         * Binary Analysis
         * Requirements Management 

Appendix B: Suggested Reading                                  95%    Review

  1. Whitepapers
  2. Books
  3. Articles
  4. Useful Websites
  5. OWASP — http://www.owasp.org 

Appendix C: Fuzz Vectors                                       95%    Review