User:Jcpraud

From OWASP

Information Security Consultant. Formerly Privacy & Information Officer at F-Secure Bordeaux (content cloud business line). CISSP. Master in Information Systems Risk Management. 20+ years of experience in IT, web & application development, sysadmin, databases, including security aspects of all these domains. Knowledge & skills: Java, Linux, OpenBSD, Agile methods (Scrum, Kanban), Architecture Security (STRIDE), ISO27K, Risk Management, Incident Management.


(WIP) French translation of the Testing Guide:

Testing Guide FR Translation - JCP Notes


4.7 Session management testing

4.7.1 Testing the session management system (OTG-SESS-001)

4.7.2 Testing cookie attributes (OTG-SESS-002)

4.7.3 Testing for session fixation (OTG-SESS-003)

4.7.4 Testing for exposed session variables (OTG-SESS-004)

4.7.5 Testing for CSRF (OTG-SESS-005)

4.7.6 Testing logout functionality (OTG-SESS-006)

4.7.7 Testing session expiration (OTG-SESS-007)

4.7.8 Testing for session puzzling (OTG-SESS-008)


4.8 Testing input validation

4.8.1 Testing for Reflected Cross-Site Scripting (OTG-INPVAL-001)

4.8.2 Testing for Stored Cross-Site Scripting (OTG-INPVAL-002)

4.8.3 Testing for HTTP Verb Tampering (OTG-INPVAL-003)

4.8.4 Testing for HTTP Parameter Pollution (OTG-INPVAL-004)

4.8.5 Testing for SQL Injection (OTG-INPVAL-005)

4.8.5.1 Testing Oracle

4.8.5.2 Testing MySQL

4.8.5.3 Testing SQL Server

4.8.5.4 Testing PostgreSQL (from OWASP BSP)

4.8.5.5 Testing MS Access

4.8.5.6 Testing for NoSQL injection

4.8.6 Testing for LDAP injection (OTG-INPVAL-006)

4.8.7 Testing for ORM injection (OTG-INPVAL-007)

4.8.8 Testing for XML injection (OTG-INPVAL-008)

4.8.9 Testing for SSI injection (OTG-INPVAL-009)

4.8.10 Testing for XPath injection (OTG-INPVAL-010)

4.8.11 IMAP SMTP injection (OTG-INPVAL-011)

4.8.12 Testing for code injection (OTG-INPVAL-012)

4.8.12.1 Testing for local file inclusion

4.8.12.2 Testing for remote file inclusion

4.8.13 Testing for command injection (OTG-INPVAL-013)

4.8.14 Testing for buffer overflows (OTG-INPVAL-014)

4.8.14.1 Testing for heap overflows

4.8.14.2 Testing for stack overflows

4.8.14.3 Testing for format strings

4.8.15 Testing for incubated vulnerabilities (OTG-INPVAL-015)

4.8.16 Testing for HTTP Splitting Smuggling (OTG-INPVAL-016)