This article is part of the new OWASP Testing Guide v4.
At the moment the project is in the REVIEW phase.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: http://www.owasp.org/index.php/OWASP_Testing_Project
Traditionally the HTTP protocol has been stateless, only allowing one request and response per TCP connection.
Description of the Issue
Black Box testing and example
How to test using black box approach.
Gray Box testing
- "HTML5 Rocks" - Introducing WebSockets: Bringing Sockets to the Web: http://www.technicalinfo.net/papers/CSS.html
- OWASP Zed Attack Proxy (ZAP) - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.