Difference between revisions of "Web Application Penetration Testing"

From OWASP
Jump to: navigation, search
(Web Application Penetration Testing)
(Web Application Penetration Testing)
Line 3: Line 3:
 
== Web Application Penetration Testing ==
 
== Web Application Penetration Testing ==
  
4.1 [[Introduction and objectives Testing AoC|Introduction and objectives]] (0%, TD) <br>
+
4.1 [[Introduction and objectives Testing AoC|Introduction and objectives]] <br>
4.2 [[Information Gathering Testing AoC|Information Gathering (spider, google)]] (0%, TD)<br>
+
4.2 [[Information Gathering Testing AoC|Information Gathering (spider, google)]]<br>
4.3 [[Business logic testing AoC|Business logic testing]] (50%, TD)<br>
+
4.2.1 Spidering and googling                    <br>
 +
4.2.2 Analisys of error code                    <br>
 +
4.2.3 Infrastructure configuration management testing<br>
 +
4.2.3.1 SSL/TLS Testing                        <br>
 +
4.2.3.2 DB Listener Testing                    <br>
 +
4.2.4 Application configuration management testing <br>
 +
4.2.4.1 File extensions handling                  <br>
 +
4.2.4.1 Old, backup and unreferenced files          <br>
  
4.4 [[Authentication Testing Aoc|Authentication Testing]] (50%, TD) <br>
+
4.3 [[Business logic testing AoC|Business logic testing]] <br>
4.4.1 Default or guessable (dictionary) user account 90% TD<br>
+
4.4.2 Brute Force 0% TD<br>
+
4.4.3 Bypassing authentication schema 0% TD<br>
+
4.4.4 Vulnerable remember password and pwd reset 90% TD<br>
+
4.4.5 Logout and account expiry 0% TD<br>
+
  
4.5 [[Session Management Testing AoC|Session Management Testing]] (0%, TD) <br>
+
4.4 [[Authentication Testing Aoc|Authentication Testing]] <br>
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) 100% Review<br>
+
4.4.1 Default or guessable (dictionary) user account <br>
4.5.2 Weak session tokens 70% TD<br>
+
4.4.2 Brute Force 0%<br>
4.5.3 Session Riding 100% Review<br>
+
4.4.3 Bypassing authentication schema <br>
4.5.4 Exposed session variables 0% TD<br>
+
4.4.4 Directory traversal/file include <br>
4.5.5 HTTP Exploit 0% TD<br>
+
4.4.5 Vulnerable remember password and pwd reset <br>
 +
4.4.6 Logout and account expiry <br>
  
4.6 [[Data Validation Testing AoC|Data Validation Testing]] (0%, TD) <br>
+
4.5 [[Session Management Testing AoC|Session Management Testing]] <br>
4.6.1 Cross site scripting 0% TD<br>
+
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) <br>
4.6.1.1 Incubated attacks 0% TD<br>
+
4.5.2 Weak session tokens <br>
4.6.1.2 Phishing (using javascript) 0% TD<br>
+
4.5.3 Session Riding <br>
4.6.1.3 HTTP Methods + XSS (TRACE) 0% TD<br>
+
4.5.4 Exposed session variables 0% <br>
4.6.2 SQL Injection 0% TD<br>
+
4.5.5 HTTP Exploit <br>
4.6.2.1 Oracle, mySQL, SQL Server, TeraData 0% TD<br>
+
4.6.2.2 Extended stored procedures 0% TD<br>
+
4.6.2.3 Stored procedure injection 0% TD<br>
+
4.6.2.4 Oracle +SQLServer ports and attacks 0% TD<br>
+
4.6.2.5 Listener attacks etc. 1521 1433 1527 0% TD<br>
+
4.6.3 Command Execution 0%, TD <br>
+
Orm injection 0% TD,
+
ORM Injection,
+
LDAP Injection,
+
XML Injection,
+
SSI Injection,
+
XPath Injection,
+
SQL Injection,
+
IMAP/SMTP Injection,
+
Code Injection,
+
OS Commanding<br>
+
4.6.4 Buffer overflow Testing 100% Review<br>
+
4.6.4.1 Heap overflow 100% Review<br>
+
4.6.4.2 Stack overflow 100% Review<br>
+
4.6.4.3 Format string 100% Review<br>
+
  
4.7 [[Denial of Service Testing AoC|Denial of Service Testing]] (95%, Review)<br>
+
4.6 [[Data Validation Testing AoC|Data Validation Testing]] <br>
4.7.1 Locking Customer Accounts 100% Review<br>
+
4.6.1 Cross site scripting  <br>
4.7.2 Buffer Overflows 100% Review<br>
+
4.6.1.1 HTTP Methods and XST <br>
4.7.3 User Specified Object Allocation 100% Review<br>
+
4.6.2 SQL Injection <br>
4.7.4 User Input as a Loop Counter 100% Review<br>
+
4.6.2.1 Stored procedure injection  <br>
4.7.5 Writing User Provided Data to Disk 100% Review<br>
+
4.6.2.2 Oracle testing <br>
4.7.6 Failure to Release Resources 100% Review<br>
+
4.6.2.3 MySQL testing <br>
4.7.7 Storing too Much Data in Session 90% Review<br>
+
4.6.2.4 SQL Server testing <br>
 +
4.6.3 ORM Injection <br>
 +
4.6.4 LDAP Injection <br>
 +
4.6.5 XML Injection <br>
 +
4.6.6 SSI Injection <br>
 +
4.6.7 XPath Injection <br>
 +
4.6.8 IMAP/SMTP Injection <br>
 +
4.6.9 Code Injection <br>
 +
4.6.10 OS Commanding <br>
 +
4.6.11 Buffer overflow Testing <br>
 +
4.6.11.1 Heap overflow <br>
 +
4.6.11.2 Stack overflow <br>
 +
4.6.11.3 Format string <br>
 +
4.6.12 Incubated vulnerability testing <br>
  
4.8 [[Infrastructure and configuration Testing AoC|Infrastructure and configuration Testing]] (0%, TD)<br>
+
4.7 [[Denial of Service Testing AoC|Denial of Service Testing]] <br>
4.8.1 Infrastructure configuration management testing 100% TD<br>
+
4.7.1 Locking Customer Accounts <br>
4.8.2 Application configuration management testing 100% TD<br>
+
4.7.2 Buffer Overflows <br>
4.8.3 Old, backup and unreferenced files 100% TD<br>
+
4.7.3 User Specified Object Allocation <br>
4.8.4 File extensions handling 90% TD<br>
+
4.7.4 User Input as a Loop Counter <br>
4.8.5 Analisys of error code 50% TD<br>
+
4.7.5 Writing User Provided Data to Disk <br>
4.8.6 SSL/TLS Testing: support of weak ciphers and cert validity 100% TD<br>
+
4.7.6 Failure to Release Resources <br>
4.8.7 Testing defense from Automatic attacks (maybe a duplicate) 10% TD<br>
+
4.7.7 Storing too Much Data in Session <br>
  
4.9 [[Web Services Testing AoC|Web Services Testing]] (0%, TD)<br>
+
4.8 [[Infrastructure and configuration Testing AoC|Infrastructure and configuration Testing]]<br>
4.9.1 XML Structural Attacks 0% TD<br>
+
4.8.1 Infrastructure configuration management testing <br>
4.9.2 XML content-level attacks 0% TD<br>
+
4.8.2 Application configuration management testing <br>
4.9.3 HTTP GET parameters/REST attacks 0% TD<br>
+
4.8.3 Old, backup and unreferenced files <br>
4.9.4 Naughty SOAP attachments 0% TD<br>
+
4.8.4 File extensions handling <br>
4.9.5 Brute force attacks 0% TD<br>
+
4.8.5 Analisys of error code <br>
 +
4.8.6 SSL/TLS Testing: support of weak ciphers and cert validity <br>
 +
4.8.7 Testing defense from Automatic attacks (maybe a duplicate) <br>
  
4.10 [[AJAX Testing AoC|AJAX Testing]] (0%, TD)<br>
+
4.9 [[Web Services Testing AoC|Web Services Testing]] <br>
4.10.1 Vulnerabilities 0% TD<br>
+
4.9.1 XML Structural Testing <br>
4.10.2 How to test 0% TD<br>
+
4.9.2 XML content-level Testing <br>
 +
4.9.3 HTTP GET parameters/REST Testing <br>
 +
4.9.4 Naughty SOAP attachments <br>
 +
4.9.5 Brute Force Testing <br>
 +
 
 +
4.10 [[AJAX Testing AoC|AJAX Testing]] <br>
 +
4.10.1 Vulnerabilities <br>
 +
4.10.2 How to test <br>
  
  
 
[[OWASP_Testing_Guide_v2_Table_of_Contents]]
 
[[OWASP_Testing_Guide_v2_Table_of_Contents]]

Revision as of 15:54, 15 October 2006

Please refer to OWASP_Testing_Guide_v2_Table_of_Contents for updated information about the progress status of each article.

Web Application Penetration Testing

4.1 Introduction and objectives
4.2 Information Gathering (spider, google)
4.2.1 Spidering and googling
4.2.2 Analisys of error code
4.2.3 Infrastructure configuration management testing
4.2.3.1 SSL/TLS Testing
4.2.3.2 DB Listener Testing
4.2.4 Application configuration management testing
4.2.4.1 File extensions handling
4.2.4.1 Old, backup and unreferenced files

4.3 Business logic testing

4.4 Authentication Testing
4.4.1 Default or guessable (dictionary) user account
4.4.2 Brute Force 0%
4.4.3 Bypassing authentication schema
4.4.4 Directory traversal/file include
4.4.5 Vulnerable remember password and pwd reset
4.4.6 Logout and account expiry

4.5 Session Management Testing
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force)
4.5.2 Weak session tokens
4.5.3 Session Riding
4.5.4 Exposed session variables 0%
4.5.5 HTTP Exploit

4.6 Data Validation Testing
4.6.1 Cross site scripting
4.6.1.1 HTTP Methods and XST
4.6.2 SQL Injection
4.6.2.1 Stored procedure injection
4.6.2.2 Oracle testing
4.6.2.3 MySQL testing
4.6.2.4 SQL Server testing
4.6.3 ORM Injection
4.6.4 LDAP Injection
4.6.5 XML Injection
4.6.6 SSI Injection
4.6.7 XPath Injection
4.6.8 IMAP/SMTP Injection
4.6.9 Code Injection
4.6.10 OS Commanding
4.6.11 Buffer overflow Testing
4.6.11.1 Heap overflow
4.6.11.2 Stack overflow
4.6.11.3 Format string
4.6.12 Incubated vulnerability testing

4.7 Denial of Service Testing
4.7.1 Locking Customer Accounts
4.7.2 Buffer Overflows
4.7.3 User Specified Object Allocation
4.7.4 User Input as a Loop Counter
4.7.5 Writing User Provided Data to Disk
4.7.6 Failure to Release Resources
4.7.7 Storing too Much Data in Session

4.8 Infrastructure and configuration Testing
4.8.1 Infrastructure configuration management testing
4.8.2 Application configuration management testing
4.8.3 Old, backup and unreferenced files
4.8.4 File extensions handling
4.8.5 Analisys of error code
4.8.6 SSL/TLS Testing: support of weak ciphers and cert validity
4.8.7 Testing defense from Automatic attacks (maybe a duplicate)

4.9 Web Services Testing
4.9.1 XML Structural Testing
4.9.2 XML content-level Testing
4.9.3 HTTP GET parameters/REST Testing
4.9.4 Naughty SOAP attachments
4.9.5 Brute Force Testing

4.10 AJAX Testing
4.10.1 Vulnerabilities
4.10.2 How to test


OWASP_Testing_Guide_v2_Table_of_Contents