Difference between revisions of "Security Testing Cheat Sheet"

From OWASP
(Created page with "== DRAFT CHEAT SHEET - WORK IN PROGRESS == == Introduction == This page intends to provide quick basic security tips for quality assurance specialists. The goal of the cheat...")
 
(Set up headers.)
 

Latest revision as of 22:27, 22 March 2013


DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

This page provides quick, basic security testing tips for quality assurance specialists. The goal of the cheat sheet is to serve as a starting point for a comprehensive QA test plan covering the security of web applications.

Testing Tools

Testing web applications for security is difficult without tools. The following tools are the common set QA professionals use to carry out the test cases in the security test plan. Both are intercepting proxies: they sit between the browser and the application so the tester can inspect, modify and replay every request and response.

  • Zed Attack Proxy
  • WebScarab

Security Test Plan

Each major attack surface in a web application has a known set of vulnerability classes, and each class can be tested for with a defined set of test cases. A test case sends a specific hostile input to the application and checks that the observed behaviour matches the expected, safe behaviour; any deviation (or an unhandled error) is a finding.
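As an illustration of what one such test case looks like in code, the following is an added example and not part of the OWASP cheat sheet. It targets the Injection surface: an in-memory SQLite database, two hypothetical login lookups (one that concatenates user input into SQL, one that binds parameters), and a small set of test cases that send classic SQL injection probes to each. The function names, the sample account and the test cases are all constructed for this example.

```python
"""Worked example of a QA security test case: SQL injection against a login lookup.

Added example, not code from the OWASP cheat sheet. Both login functions are
hypothetical stand-ins for application code under test.
"""
import sqlite3

# Constructed sample data: a single valid account in the test database.
SAMPLE_USERS = [("alice", "correct horse battery staple")]


def make_db():
    """Build a fresh in-memory database so every run starts from known state."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Hypothetical vulnerable implementation: user input concatenated into SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password):
    """Hypothetical hardened implementation: input passed as bound parameters."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Test cases for the Injection surface: (description, username, password, expected).
# The expected value is the safe behaviour; a login that returns anything else fails.
INJECTION_TEST_CASES = [
    ("valid credentials", "alice", "correct horse battery staple", True),
    ("wrong password", "alice", "wrong", False),
    ("tautology in password", "alice", "' OR '1'='1", False),
    ("comment out password check", "alice'--", "anything", False),
]


def run_test_cases(login, test_cases=INJECTION_TEST_CASES):
    """Run every case against `login` and return the descriptions of failing cases.

    An SQL error raised by the probe is treated as a failure too: it shows the
    input reached the query parser, which is itself an injection finding.
    """
    conn = make_db()
    failures = []
    for desc, user, pw, expected in test_cases:
        try:
            result = login(conn, user, pw)
        except sqlite3.Error as exc:
            result = "error: %s" % exc
        if result != expected:
            failures.append(desc)
    return failures


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print("%s: failing cases = %r" % (name, run_test_cases(fn)))
```

Running the module shows the concatenating implementation failing the two injection probes (the tautology and the comment probe both log in as alice without the password) while the parameterised implementation passes all four. The same shape, a list of (input, expected safe behaviour) pairs driven by one runner, carries over to the other surfaces in the plan; only the probes and the expected results change.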

Injection

Authentication and Authorization

Session management

Configuration

Compliance

PCI

HIPAA

Handling data

Technology Specific Tests

PHP

Microsoft

Ruby on Rails

Adobe

Java

JavaScript Frameworks

Configuration

Cross Site Request Forgery

Authors and Primary Editors

Bill Sempf - bill.sempf [at] owasp.org
