This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Testing Guide - Index"

From OWASP
Jump to: navigation, search
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Version 0.1 (October 4th)
+
{{taggedDocument
 +
| type=historical
 +
| link=OWASP Testing Guide
 +
}}
  
Legend:
+
<ul>
Review: M.Meucci
+
Legend: <br>
TD: Paragraph to be assigned
+
Review: M.Meucci <br>
 +
TD: Paragraph to be assigned <br>
 +
</ul>
  
 +
==[[Testing Guide Frontispiece|Frontispiece]]==
 +
#Copyright and License                                        (100%, Review)
 +
#Endorsements                                         (100%, Review)
 +
#Trademarks                                                 (100%, Review)
  
'''Paragraph__________________________________________________|__State___|___Action____|___Author___'''
+
==[[Testing Guide Introduction|Introduction]]==
 +
#Performing An Application Security Review                      0%        TD
 +
#Principles of Testing                                          0%        TD
 +
#Testing Techniques Explained                                    0%        TD
 +
 
 +
==[[The OWASP Testing Framework|The OWASP Testing Framework]]==
 +
3. The OWASP Testing Framework                                      20%      (Review) <br>
 +
'''3.1. Overview'''<br>
 +
'''3.2. Phase 1 — Before Development Begins <br>'''
 +
* Phase 1A: Policies and Standards Review <br>
 +
* Phase 1B: Develop Measurement and Metrics Criteria (Ensure Traceability) <br>
 +
'''3.3. Phase 2: During Definition and Design<br>'''
 +
* Phase 2A: Security Requirements Review<br>
 +
* Phase 2B: Design an Architecture Review<br>
 +
* Phase 2C: Create and Review UML Models<br>
 +
* Phase 2D: Create and Review Threat Models <br>
 +
'''3.4. Phase 3: During Development<br>'''
 +
* Phase 3A: Code Walkthroughs<br>
 +
* Phase 3B: Code Reviews <br>
 +
'''3.5. Phase 4: During Deployment<br>'''
 +
* Phase 4A: Application Penetration Testing<br>
 +
* Phase 4B: Configuration Management Testing <br>
 +
'''3.6. Phase 5: Maintenance and Operations<br>'''
 +
* Phase 5A: Conduct Operational Management Reviews<br>
 +
* Phase 5B: Conduct Periodic Health Checks<br>
 +
* Phase 5C: Ensure Change Verification <br>
 +
'''3.7. A Typical SDLC Testing Workflow <br>'''
 +
* Figure 3: Typical SDLC Testing Workflow <br>
 +
'''3.8 Methodologies Used                                                        (Review)<br>'''
 +
3.8.1 The goal                                             50% TD<br>
 +
3.8.2 Overview of Approaches                             50% TD<br>
 +
3.8.3 Security Requirements Review                               0% TD<br>
 +
3.8.4 Security Architecture Review                               0% TD<br>
 +
3.8.5 Code Review                                             50% TD<br>
 +
3.8.6 Automated Code Scanning                               0% TD<br>
 +
3.8.7 Penetration Testing                                     50% TD<br>
 +
3.8.8 Automated Vulnerability Scanning                       0% TD<br>
 +
 
 +
==[[Manual testing techniques |Manual testing techniques ]]==
 +
'''4.1 Introduction and objectives'''                               0% TD<br>
 +
'''4.2 Information Gathering (spider, google)'''                        0% TD<br>
 +
'''4.3 Business logic testing'''                                        50% TD<br>
 +
 +
'''4.4 Authentication Testing'''                                     50%        TD<br>
 +
4.4.1 Default or guessable (dictionary) user account              90%        TD<br>
 +
4.4.2 Brute Force                                                  0%        TD<br>
 +
4.4.3 Bypassing authentication schema                              0%        TD<br>
 +
4.4.4 Vulnerable remember password and pwd reset                  90%        TD<br>
 +
4.4.5 Logout and account expiry                                       0%        TD<br>
 +
 +
'''4.5 Session Management Testing'''                                        0%        TD<br>
 +
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)  100%      Review <br> 
 +
4.5.2 Weak session tokens                                     70%        TD<br>
 +
4.5.3 Session Riding                                             100%      Review<br>
 +
4.5.4 Exposed session variables                               0%        TD<br>
 +
4.5.5 HTTP Exploit                                                0%        TD<br>
 +
 +
'''4.6 Data Validation Testing'''                                        0%        TD <br>
 +
4.6.1 Cross site scripting                                        0%        TD<br>
 +
4.6.1.1 Incubated attacks                                          0%        TD<br>
 +
4.6.1.2 Phishing (using javascript)                                0%        TD<br>
 +
4.6.1.3  HTTP Methods + XSS (TRACE)                                0%        TD<br>
 +
4.6.2 SQL Injection                                                0%        TD<br>
 +
4.6.2.1 Oracle, mySQL, SQL Server, TeraData                        0%        TD <br>
 +
4.6.2.2 Extended stored procedures                                0%        TD<br>
 +
4.6.2.3 Stored procedure injection                                0%        TD<br>
 +
4.6.2.4 Oracle +SQLServer ports and attacks                        0%        TD<br>
 +
4.6.2.5 Listener attacks etc. 1521 1433 1527                      0%        TD<br>
 +
4.6.3 Orm injection                                                0%        TD<br>
 +
4.6.4 Ldap injection                                              0%        TD<br>
 +
4.6.5 Xml injection                                                0%        TD<br>
 +
4.6.6 Code injection                                              0%        TD<br>
 +
4.6.7 Buffer overflow Testing                                      100%        Review <br>
 +
4.6.7.1 Heap overflow                                             100%        Review<br>
 +
4.6.7.2 Stack overflow                                            100%        Review<br>
 +
4.6.7.3 Format string                                              100%        Review<br>
 +
 +
'''4.7 Denial of Service Testing'''                                    95%        Review<br>
 +
4.7.1 Locking Customer Accounts                                  100%        Review<br>
 +
4.7.2 Buffer Overflows                                          100%        Review <br>
 +
4.7.3 User Specified Object Allocation                          100%        Review<br>
 +
4.7.4 User Input as a Loop Counter                              100%        Review<br>
 +
4.7.5 Writing User Provided Data to Disk                        100%        Review<br>
 +
4.7.6 Failure to Release Resources                              100%        Review<br>
 +
4.7.7 Storing too Much Data in Session                            90%        Review<br>
 +
 
 +
'''4.8 Infrastructure and configuration Testing'''                      0%        TD<br>
 +
4.8.1 Intro and objective                                          0%        TD<br>
 +
4.8.2 Infrastructure configuration management testing            100%        TD<br>
 +
4.8.3 Application configuration management testing              100%        TD<br>
 +
4.8.4 Old, backup and unreferenced files                        100%        TD<br>
 +
4.8.5 File extensions handling                           90%        TD<br>
 +
4.8.6 Analisys of error code                                      50%        TD<br>
 +
4.8.7 SSL/TLS Testing: support of weak ciphers and cert validity 100%        TD<br>
 +
4.8.8 Testing defense from Automatic attacks (maybe a duplicate)  10%        TD<br>
 +
 
 +
'''4.9 Web Services Testing'''                                          0%        TD<br>
 +
4.9.1 XML Structural Attacks                                      0% TD<br>
 +
4.9.2 XML content-level attacks                           0% TD<br>
 +
4.9.3 HTTP GET parameters/REST attacks                       0% TD<br>
 +
4.9.4 Naughty SOAP attachments                               0% TD<br>
 +
4.9.5 Brute force attacks                                       0% TD<br>
 +
 
 +
'''4.10 AJAX Testing'''                                                  0% TD<br>
 +
4.10.1 Vulnerabilities                                       0% TD<br>
 +
4.10.2  How to test                                               0% TD<br>
 +
 
 +
==[[Writing Reports: value the real risk |Writing Reports: value the real risk ]]==
 +
'''5.1 How to value the real risk'''                               0% TD<br>
 +
'''5.2 How to write the report of the testing'''                       0% TD<br>
 +
 
 +
==[[Appendix A: Testing Tools |Appendix A: Testing Tools ]]==
 +
  1. Source Code Analyzers
 +
          * Open Source / Freeware
 +
          * Commercial
 +
  2. Black Box Scanners
 +
          * Open Source
 +
          * Commercial
 +
  3. Other Tools
 +
          * Runtime Analysis
 +
          * Binary Analysis
 +
          * Requirements Management
 +
 
 +
==[[OWASP Testing Guide Appendix B: Suggested Reading | Appendix B: Suggested Reading]]==
 +
  1. Whitepapers
 +
  2. Books
 +
  3. Articles
 +
  4. Useful Websites
 +
  5. OWASP — http://www.owasp.org
 +
 
 +
==[[OWASP Testing Guide Appendix C: Fuzz Vectors | Appendix C: Fuzz Vectors]]==
 +
                                     
 +
 
 +
<br>
 +
<br>
 +
 
 +
=== Version 0.1 (October 4th) ===
 +
 
 +
 
 +
'''Paragraph___________________________________________________|__State___|___Action___|___Author___'''
  
 
 
Line 19: Line 167:
 
   3. Testing Techniques Explained                                    0%        TD
 
   3. Testing Techniques Explained                                    0%        TD
  
3. Methodologies Used                                               Review
+
3. Methodologies Used                                                         (Review)
   3.1 The goal                                                     90% TD
+
   3.1 The goal                                                     50% TD
   3.2 Overview of Approaches                                     90% TD
+
   3.2 Overview of Approaches                                     50% TD
 
   3.3 Security Requirements Review                               0% TD
 
   3.3 Security Requirements Review                               0% TD
 
   3.4 Security Architecture Review                               0% TD
 
   3.4 Security Architecture Review                               0% TD
   3.5 Code Review                                             90% TD
+
   3.5 Code Review                                             50% TD
 
   3.6 Automated Code Scanning                                       0% TD
 
   3.6 Automated Code Scanning                                       0% TD
   3.7 Penetration Testing                                     90% TD
+
   3.7 Penetration Testing                                     50% TD
 
   3.8 Automated Vulnerability Scanning                               0% TD
 
   3.8 Automated Vulnerability Scanning                               0% TD
  
4. Finding Specific Issues In a Non-Technical Manner               Review
+
4. Finding Specific Issues In a Non-Technical Manner                         (Review)
 
   4.1. Threat Modeling Introduction                               0% TD
 
   4.1. Threat Modeling Introduction                               0% TD
 
   4.2. Design Reviews                                               0% TD
 
   4.2. Design Reviews                                               0% TD
Line 40: Line 188:
 
   5.1 For code review please see the OWASP Code Review Project
 
   5.1 For code review please see the OWASP Code Review Project
  
6. Manual testing techniques
+
6. Manual testing techniques                                                 (Review)
   6.1 Introduction and objectives
+
   6.1 Introduction and objectives                               0% TD
   6.2 Business logic testing
+
   6.2 Information Gathering (spider, google)                        0% TD
 
+
  6.3 Business logic testing                                       50% TD
   6.3 Authentication
+
   6.3.1 Default or guessable (dictionary) user account
+
   6.4 Authentication Testing                                     50%        TD
   6.3.2 Brute Force
+
   6.4.1 Default or guessable (dictionary) user account             90%        TD
   6.3.3 Bypassing authentication schema
+
   6.4.2 Brute Force                                                 0%        TD
   6.3.4 Vulnerable remeber password and password reset
+
   6.4.3 Bypassing authentication schema                             0%        TD
   6.3.5 Logout and account expiry
+
   6.4.4 Vulnerable remember password and pwd reset                 90%        TD
 
+
   6.4.5 Logout and account expiry                               0%        TD
   6.4 Session Management
+
   6.4.1 Cookie and Session token Manipulation (regeneration, forging/brute force)
+
   6.5 Session Management Testing                                    0%        TD
   6.4.2 Weak session tokens
+
   6.5.1 Cookie and Session token Manipulation  
   6.4.3 Session Riding
+
            (regeneration, forging/brute force)                     100%      Review   
   6.4.2 Exposed session variables
+
   6.5.2 Weak session tokens                                     70%        TD
   6.4.3 HTTP Exploit
+
   6.5.3 Session Riding                                             100%      Review
 +
   6.5.4 Exposed session variables                               0%        TD
 +
  6.5.5 HTTP Exploit                                                0%        TD
 +
 +
  6.6 Data Validation Testing                                        0%        TD
 +
  6.6.1 Cross site scripting                                        0%        TD
 +
  6.6.1.1 Incubated attacks                                          0%        TD
 +
  6.6.1.2 Phishing (using javascript)                                0%        TD
 +
  6.6.1.3  HTTP Methods + XSS (TRACE)                                0%        TD
 +
  6.6.2 SQL Injection                                                0%        TD
 +
  6.6.2.1 Oracle, mySQL, SQL Server, TeraData                        0%        TD
 +
  6.6.2.2 Extended stored procedures                                0%        TD
 +
  6.6.2.3 Stored procedure injection                                0%        TD
 +
   6.6.2.4 Oracle +SQLServer ports and attacks                        0%        TD
 +
  6.6.2.5 Listener attacks etc. 1521 1433 1527                      0%        TD
 +
  6.6.3 Orm injection                                                0%        TD
 +
  6.6.4 Ldap injection                                              0%        TD
 +
  6.6.5 Xml injection                                                0%        TD
 +
  6.6.6 Code injection                                              0%        TD
 +
 +
  6.7 Denial of Service Testing                                    95%        Review
 +
  6.7.1 Locking Customer Accounts                                  100%        Review
 +
  6.7.2 Buffer Overflows                                          100%        Review
 +
  6.7.3 User Specified Object Allocation                          100%        Review
 +
  6.7.4 User Input as a Loop Counter                              100%        Review
 +
  6.7.5 Writing User Provided Data to Disk                        100%        Review
 +
  6.7.6 Failure to Release Resources                              100%        Review
 +
  6.7.7 Storing too Much Data in Session                            90%        Review
  
   6.5 Data Validation
+
   6.8 Buffer overflow Testing                                      100%        Review
   6.5.1 Cross site scripting
+
   6.8.1 Heap overflow                                             100%        Review
   6.5.1.1 Incubated attacks
+
   6.8.2 Stack overflow                                            100%        Review
  6.5.1.2 Phishing (using java script)
+
   6.8.3 Format string                                              100%        Review
  6.5.1.3  HTTP Methods + XSS (TRACE)
 
  6.5.2 SQL Injection
 
  6.5.2.1 Oracle, mySQL, SQL Server, TeraData
 
  6.5.2.2 Extended stored procedures.
 
  6.5.2.3 Stored procedure injection
 
  6.5.2.4 Oracle +SQLServer ports and attacks
 
  6.5.2.5 Listener attacks etc. 1521 1433 1527
 
   6.5.3 Orm injection
 
  6.5.4 Ldap injection
 
  6.5.5 Xml injection
 
  6.5.6 Code injection
 
  
   6.6 Denial of Service
+
   6.9 Infrastructure and configuration Testing                      0%        TD
  6.6.1 Locking Customer Accounts
+
    6.9.1 Intro and objective                                        0%        TD
  6.6.2 Buffer Overflows
+
    6.9.2 Infrastructure configuration management testing          100%        TD
  6.6.3 User Specified Object Allocation
+
    6.9.3 Application configuration management testing              100%        TD
  6.6.4 User Input as a Loop Counter
 
  6.6.5 Writing User Provided Data to Disk
 
  6.6.6 Failure to Release Resources
 
  6.6.7 Storing too Much Data in Session
 
  
  6.7 Buffer overflow
+
    6.9.4 Old, backup and unreferenced files                        100%        TD
  6.7.1 Heap overflow
+
    6.9.5 File extensions handling                     90%        TD
  6.7.2 Stack overflow
+
    6.9.6 Analisys of error code                                    50%        TD
  6.7.3 Format string
+
    6.9.7 SSL/TLS Testing: support of weak                          100%        TD
 +
              ciphers and certificate validity
 +
    6.9.8 Testing defense from Automatic                            10%        TD
 +
              Attacks (maybe a duplicate)
  
   6.8 Infrastructure and configuration
+
   6.10 Web Services Testing                                          0%        TD
   6.8.1 Intro and objective
+
   6.10.1 XML Structural Attacks                                      0% TD
   6.8.2 Application configuration management testing
+
   6.10.2 XML content-level attacks                               0% TD
   6.8.3 Old, backup and unreferenced files
+
   6.10.3 HTTP GET parameters/REST attacks                       0% TD
   6.8.4 File extensions handling
+
   6.10.4 Naughty SOAP attachments                               0% TD
  6.8.5 Analisys of error code
+
   6.10.5 Brute force attacks                                       0% TD
   6.8.5 SSL/TLS Testing: support of weak ciphers and certificate validity
 
  6.8.6 Testing defense from Automatic Attacks (maybe a duplicate)
 
  
   6.9 Web Services
+
   6.11 AJAX Testing                                                  0% TD
   6.9.1 XML Structural Attacks
+
   6.11.1 Vulnerabilities                                       0% TD
   6.9.2 XML content-level attacks
+
   6.11.2 How to test                                               0% TD
  6.9.3 HTTP GET parameters/REST attacks
 
  6.9.4 Naughty SOAP attachments
 
  6.9.5 Brute force attacks
 
  
  6.10 AJAX
 
  6.10.1 Vulnerabilities
 
  6.10.2  How to test
 
  
7. The OWASP Testing Framework                                       100%     Review
+
7. The OWASP Testing Framework                                       95%       (Review)
 
   7.1. Overview
 
   7.1. Overview
 
   7.2. Phase 1 — Before Development Begins
 
   7.2. Phase 1 — Before Development Begins
Line 132: Line 287:
 
           * Figure 3: Typical SDLC Testing Workflow.  
 
           * Figure 3: Typical SDLC Testing Workflow.  
  
Appendix A: Testing Tools                                            95%    Review
+
Appendix A: Testing Tools                                            95%    (Review)
 
   1. Source Code Analyzers
 
   1. Source Code Analyzers
 
           * Open Source / Freeware
 
           * Open Source / Freeware
Line 144: Line 299:
 
           * Requirements Management  
 
           * Requirements Management  
  
Appendix B: Suggested Reading                                        95%    Review
+
Appendix B: Suggested Reading                                        95%    (Review)
 
   1. Whitepapers
 
   1. Whitepapers
 
   2. Books
 
   2. Books
Line 151: Line 306:
 
   5. OWASP — http://www.owasp.org  
 
   5. OWASP — http://www.owasp.org  
  
Appendix C: Fuzz Vectors                                              95%    Review
+
Appendix C: Fuzz Vectors                                              95%    (Review)

Latest revision as of 22:00, 30 July 2016

This historical page is now part of the OWASP archive.
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like OWASP Testing Guide
    Legend:
    Review: M.Meucci
    TD: Paragraph to be assigned

Frontispiece

  1. Copyright and License (100%, Review)
  2. Endorsements (100%, Review)
  3. Trademarks (100%, Review)

Introduction

  1. Performing An Application Security Review 0% TD
  2. Principles of Testing 0% TD
  3. Testing Techniques Explained 0% TD

The OWASP Testing Framework

3. The OWASP Testing Framework 20% (Review)
3.1. Overview
3.2. Phase 1 — Before Development Begins

  • Phase 1A: Policies and Standards Review
  • Phase 1B: Develop Measurement and Metrics Criteria (Ensure Traceability)

3.3. Phase 2: During Definition and Design

  • Phase 2A: Security Requirements Review
  • Phase 2B: Design an Architecture Review
  • Phase 2C: Create and Review UML Models
  • Phase 2D: Create and Review Threat Models

3.4. Phase 3: During Development

  • Phase 3A: Code Walkthroughs
  • Phase 3B: Code Reviews

3.5. Phase 4: During Deployment

  • Phase 4A: Application Penetration Testing
  • Phase 4B: Configuration Management Testing

3.6. Phase 5: Maintenance and Operations

  • Phase 5A: Conduct Operational Management Reviews
  • Phase 5B: Conduct Periodic Health Checks
  • Phase 5C: Ensure Change Verification

3.7. A Typical SDLC Testing Workflow

  • Figure 3: Typical SDLC Testing Workflow

3.8 Methodologies Used (Review)
3.8.1 The goal 50% TD
3.8.2 Overview of Approaches 50% TD
3.8.3 Security Requirements Review 0% TD
3.8.4 Security Architecture Review 0% TD
3.8.5 Code Review 50% TD
3.8.6 Automated Code Scanning 0% TD
3.8.7 Penetration Testing 50% TD
3.8.8 Automated Vulnerability Scanning 0% TD

Manual testing techniques

4.1 Introduction and objectives 0% TD
4.2 Information Gathering (spider, google) 0% TD
4.3 Business logic testing 50% TD

4.4 Authentication Testing 50% TD
4.4.1 Default or guessable (dictionary) user account 90% TD
4.4.2 Brute Force 0% TD
4.4.3 Bypassing authentication schema 0% TD
4.4.4 Vulnerable remember password and pwd reset 90% TD
4.4.5 Logout and account expiry 0% TD

4.5 Session Management Testing 0% TD
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) 100% Review
4.5.2 Weak session tokens 70% TD
4.5.3 Session Riding 100% Review
4.5.4 Exposed session variables 0% TD
4.5.5 HTTP Exploit 0% TD

4.6 Data Validation Testing 0% TD
4.6.1 Cross site scripting 0% TD
4.6.1.1 Incubated attacks 0% TD
4.6.1.2 Phishing (using javascript) 0% TD
4.6.1.3 HTTP Methods + XSS (TRACE) 0% TD
4.6.2 SQL Injection 0% TD
4.6.2.1 Oracle, mySQL, SQL Server, TeraData 0% TD
4.6.2.2 Extended stored procedures 0% TD
4.6.2.3 Stored procedure injection 0% TD
4.6.2.4 Oracle +SQLServer ports and attacks 0% TD
4.6.2.5 Listener attacks etc. 1521 1433 1527 0% TD
4.6.3 Orm injection 0% TD
4.6.4 Ldap injection 0% TD
4.6.5 Xml injection 0% TD
4.6.6 Code injection 0% TD
4.6.7 Buffer overflow Testing 100% Review
4.6.7.1 Heap overflow 100% Review
4.6.7.2 Stack overflow 100% Review
4.6.7.3 Format string 100% Review

4.7 Denial of Service Testing 95% Review
4.7.1 Locking Customer Accounts 100% Review
4.7.2 Buffer Overflows 100% Review
4.7.3 User Specified Object Allocation 100% Review
4.7.4 User Input as a Loop Counter 100% Review
4.7.5 Writing User Provided Data to Disk 100% Review
4.7.6 Failure to Release Resources 100% Review
4.7.7 Storing too Much Data in Session 90% Review

4.8 Infrastructure and configuration Testing 0% TD
4.8.1 Intro and objective 0% TD
4.8.2 Infrastructure configuration management testing 100% TD
4.8.3 Application configuration management testing 100% TD
4.8.4 Old, backup and unreferenced files 100% TD
4.8.5 File extensions handling 90% TD
4.8.6 Analisys of error code 50% TD
4.8.7 SSL/TLS Testing: support of weak ciphers and cert validity 100% TD
4.8.8 Testing defense from Automatic attacks (maybe a duplicate) 10% TD

4.9 Web Services Testing 0% TD
4.9.1 XML Structural Attacks 0% TD
4.9.2 XML content-level attacks 0% TD
4.9.3 HTTP GET parameters/REST attacks 0% TD
4.9.4 Naughty SOAP attachments 0% TD
4.9.5 Brute force attacks 0% TD

4.10 AJAX Testing 0% TD
4.10.1 Vulnerabilities 0% TD
4.10.2 How to test 0% TD

Writing Reports: value the real risk

5.1 How to value the real risk 0% TD
5.2 How to write the report of the testing 0% TD

Appendix A: Testing Tools

  1. Source Code Analyzers
         * Open Source / Freeware
         * Commercial 
  2. Black Box Scanners
         * Open Source
         * Commercial 
  3. Other Tools
         * Runtime Analysis
         * Binary Analysis
         * Requirements Management 

Appendix B: Suggested Reading

  1. Whitepapers
  2. Books
  3. Articles
  4. Useful Websites
  5. OWASP — http://www.owasp.org 

Appendix C: Fuzz Vectors



Version 0.1 (October 4th)

Paragraph___________________________________________________|__State___|___Action___|___Author___


1 Frontispiece

  2.1 Copyright and License                                        100%      Review	
  2.2 Endorsements	                                            100%      Review
  2.3 Trademarks 	                                            100%      Review	

2. Introduction

  1. Performing An Application Security Review                       0%        TD
  2. Principles of Testing                                           0%        TD
  3. Testing Techniques Explained                                    0%        TD

3. Methodologies Used (Review)

  3.1 The goal	                                                     50%	TD
  3.2 Overview of Approaches	                                     50%	TD
  3.3 Security Requirements Review	                              0%	TD
  3.4 Security Architecture Review	                              0%	TD
  3.5 Code Review	                                             50%	TD
  3.6 Automated Code Scanning	                                      0%	TD
  3.7 Penetration Testing	                                     50%	TD
  3.8 Automated Vulnerability Scanning	                              0%	TD

4. Finding Specific Issues In a Non-Technical Manner (Review)

  4.1. Threat Modeling Introduction	                              0%	TD
  4.2. Design Reviews	                                              0%	TD
  4.3. Threat Modeling the Application	                              0%	TD
  4.4. Policy Reviews	                                              0%	TD
  4.5. Requirements Analysis	                                      0%	TD
  4.6. Developer Interviews and Interaction 	                      0%	TD

5. Finding Specific Vulnerabilities Using Source Code Review

  5.1 For code review please see the OWASP Code Review Project

6. Manual testing techniques (Review)

  6.1 Introduction and objectives	                              0%	TD
  6.2 Information Gathering (spider, google)                         0%	TD
  6.3 Business logic testing                                        50%	TD
  6.4 Authentication Testing	                                     50%        TD
  6.4.1 Default or guessable (dictionary) user account              90%        TD
  6.4.2 Brute Force                                                  0%        TD
  6.4.3 Bypassing authentication schema                              0%        TD
  6.4.4 Vulnerable remember password and pwd reset                  90%        TD
  6.4.5 Logout and account expiry	                              0%        TD
  6.5 Session Management Testing                                     0%        TD
  6.5.1 Cookie and Session token Manipulation 
           (regeneration, forging/brute force)	                    100%       Review    
  6.5.2 Weak session tokens	                                     70%        TD
  6.5.3 Session Riding	                                            100%       Review
  6.5.4 Exposed session variables	                              0%        TD
  6.5.5 HTTP Exploit                                                 0%        TD
  6.6 Data Validation Testing                                        0%        TD		
  6.6.1 Cross site scripting                                         0%        TD
  6.6.1.1 Incubated attacks                                          0%        TD
  6.6.1.2 Phishing (using javascript)                                0%        TD
  6.6.1.3  HTTP Methods + XSS (TRACE)                                0%        TD
  6.6.2 SQL Injection                                                0%        TD
  6.6.2.1 Oracle, mySQL, SQL Server, TeraData                        0%        TD	
  6.6.2.2 Extended stored procedures                                 0%        TD
  6.6.2.3 Stored procedure injection                                 0%        TD
  6.6.2.4 Oracle +SQLServer ports and attacks                        0%        TD
  6.6.2.5 Listener attacks etc. 1521 1433 1527                       0%        TD
  6.6.3 Orm injection                                                0%        TD
  6.6.4 Ldap injection                                               0%        TD
  6.6.5 Xml injection                                                0%        TD
  6.6.6 Code injection                                               0%        TD
  6.7 Denial of Service Testing                                     95%        Review
  6.7.1 Locking Customer Accounts                                  100%        Review
  6.7.2 Buffer Overflows                                           100%        Review		
  6.7.3 User Specified Object Allocation                           100%        Review		
  6.7.4 User Input as a Loop Counter                               100%        Review
  6.7.5 Writing User Provided Data to Disk                         100%        Review
  6.7.6 Failure to Release Resources                               100%        Review
  6.7.7 Storing too Much Data in Session                            90%        Review
  6.8 Buffer overflow Testing                                      100%        Review		
  6.8.1 Heap overflow	                                            100%        Review
  6.8.2 Stack overflow                                             100%        Review
  6.8.3 Format string                                              100%        Review
  6.9 Infrastructure and configuration Testing                       0%         TD
   6.9.1 Intro and objective                                         0%         TD
   6.9.2 Infrastructure configuration management testing           100%         TD
   6.9.3 Application configuration management testing              100%         TD
   6.9.4 Old, backup and unreferenced files                        100%         TD	
   6.9.5 File extensions handling		                     90%         TD
   6.9.6 Analisys of error code                                     50%         TD		
   6.9.7 SSL/TLS Testing: support of weak                          100%         TD
             ciphers and certificate validity		
   6.9.8 Testing defense from Automatic                             10%         TD
             Attacks (maybe a duplicate)		
  6.10 Web Services Testing                                          0%         TD
  6.10.1 XML Structural Attacks                                      0%	TD
  6.10.2 XML content-level attacks	                              0%	TD
  6.10.3 HTTP GET parameters/REST attacks	                      0%	TD
  6.10.4 Naughty SOAP attachments	                              0%	TD
  6.10.5 Brute force attacks	                                      0%	TD
  6.11 AJAX Testing                                                  0%	TD
  6.11.1 Vulnerabilities	                                      0%	TD
  6.11.2  How to test	                                              0%	TD


7. The OWASP Testing Framework 95% (Review)

  7.1. Overview
  7.2. Phase 1 — Before Development Begins
         * Phase 1A: Policies and Standards Review
         * Phase 1B: Develop Measurement and Metrics Criteria 
           (Ensure Traceability) 
  7.3. Phase 2: During Definition and Design
         * Phase 2A: Security Requirements Review
         * Phase 2B: Design an Architecture Review
         * Phase 2C: Create and Review UML Models
         * Phase 2D: Create and Review Threat Models 
  7.4. Phase 3: During Development
         * Phase 3A: Code Walkthroughs
         * Phase 3B: Code Reviews 
  7.5. Phase 4: During Deployment
         * Phase 4A: Application Penetration Testing
         * Phase 4B: Configuration Management Testing 
  7.6. Phase 5: Maintenance and Operations
         * Phase 5A: Conduct Operational Management Reviews
         * Phase 5B: Conduct Periodic Health Checks
         * Phase 5C: Ensure Change Verification 
  7.7. A Typical SDLC Testing Workflow
         * Figure 3: Typical SDLC Testing Workflow. 

Appendix A: Testing Tools 95% (Review)

  1. Source Code Analyzers
         * Open Source / Freeware
         * Commercial 
  2. Black Box Scanners
         * Open Source
         * Commercial 
  3. Other Tools
         * Runtime Analysis
         * Binary Analysis
         * Requirements Management 

Appendix B: Suggested Reading 95% (Review)

  1. Whitepapers
  2. Books
  3. Articles
  4. Useful Websites
  5. OWASP — http://www.owasp.org 

Appendix C: Fuzz Vectors 95% (Review)