This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Testing for configuration management

Revision as of 17:06, 7 March 2014 by Davide Danelon (talk | contribs)

Jump to: navigation, search
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: Back to the OWASP Testing Guide Project:

4.3 Testing for configuration management

Testing for configuration management include the following articles:

4.3.1 Test Network/Infrastructure Configuration (OTG-CONFIG-001) formerly "Testing for Infrastructure Configuration Management Testing weakness (OWASP-CM-001)"

4.3.2 Test Application Platform Configuration (OTG-CONFIG-002) formerly "Testing for Application Configuration Management weakness (OWASP-CM-002)"

4.3.3 Test File Extensions Handling for Sensitive Information (OTG-CONFIG-003) formerly "Testing for File Extensions Handling (OWASP-CM-003)"

4.3.4 Review Old, Backup and Unreferenced Files for Sensitive Information (OTG-CONFIG-004) formerly "Old, Backup and Unreferenced Files (OWASP-CM-004)"

4.3.5 Enumerate Infrastructure and Application Admin Interfaces (OTG-CONFIG-005) formerly "Infrastructure and Application Admin Interfaces (OWASP-CM-005)"

4.3.6 Test HTTP Methods (OTG-CONFIG-006) formerly "Testing for Bad HTTP Methods (OWASP-CM-006)"

4.3.7 Test HTTP Strict Transport Security (OTG-CONFIG-009) formerly "Testing for Missing HSTS header (OWASP-CM-009)"

4.3.8 Test RIA cross domain policy (OTG-CONFIG-011) formerly "Testing for RIA policy files weakness (OWASP-CM-010)"