Testing for configuration management

 4.3 Testing for configuration management 

Often analysis of the infrastructure and topology architecture can reveal a great deal about a web application. Information such as source code, HTTP methods permitted, administrative functionality, authentication methods, and infrastructural configurations can be obtained.

4.3.1 Test Network/Infrastructure Configuration (OTG-CONFIG-001) formerly "Testing for Infrastructure Configuration Management Testing weakness (OWASP-CM-001)"

4.3.2 Test Application Platform Configuration (OTG-CONFIG-002) formerly "Testing for Application Configuration Management weakness (OWASP-CM-002)"  [Amro AlOlaqi] Ready to be reviewed

4.3.3 Test File Extensions Handling for Sensitive Information (OTG-CONFIG-003) formerly "Testing for File Extensions Handling  (OWASP-CM-003)"

4.3.4 Review Old, Backup and Unreferenced Files for Sensitive Information (OTG-CONFIG-004) formerly "Old, Backup and Unreferenced Files (OWASP-CM-004)"

4.3.5 Enumerate Infrastructure and Application Admin Interfaces (OTG-CONFIG-005) formerly "Infrastructure and Application Admin Interfaces  (OWASP-CM-005)" [Amro AlOlaqi] Ready to be reviewed

4.3.6 Test HTTP Methods (OTG-CONFIG-006) formerly "Testing for Bad HTTP Methods (OWASP-CM-006)"

4.3.7 Test HTTP Strict Transport Security (OTG-CONFIG-009) formerly "Testing for Missing HSTS header (OWASP-CM-009)"

4.3.8 Test RIA cross domain policy (OTG-CONFIG-011) formerly "Testing for RIA policy files weakness (OWASP-CM-010)"