Web Application Penetration Testing

The following paragraphs describe the Web Application Penetration Testing Methodology, split into the 11 subcategories:

4.1 Introduction and Objectives

4.2 Information Gathering 

4.3 Configuration and Deploy Management Testing 

4.4 Identity Management Testing

4.5 Authentication Testing 

4.6 Authorization Testing

4.7 Session Management Testing

4.8 Data Validation Testing

4.9 Error Handling

4.10 Cryptography

4.11 Business Logic Testing (OWASP-BL-001)

4.12 Client Side Testing [New!]