Difference between revisions of "Web Application Penetration Testing"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
Please refer to [[OWASP_Testing_Guide_v2_Table_of_Contents]] for updated information about the progress status of each article.
+
==[[Web Application Penetration Testing |4. Web Application Penetration Testing ]]==
  
== Web Application Penetration Testing ==
+
[[Testing: Introduction and objectives|'''4.1 Introduction and objectives''']] <br>
  
[[Introduction and objectives Testing AoC|'''4.1 Introduction and objectives''']] <br>
+
[[Testing: Information Gathering|'''4.2 Information Gathering''']]<br>
 
+
[[Information Gathering Testing AoC|'''4.2 Information Gathering''']]<br>
+
  
 
[[Testing for Web Application Fingerprint|4.2.1 Testing Web Application Fingerprint]]<br>
 
[[Testing for Web Application Fingerprint|4.2.1 Testing Web Application Fingerprint]]<br>
[[Application Discovery AoC|4.2.2 Application Discovery]]<br>
+
[[Testing for Application Discovery|4.2.2 Application Discovery]]<br>
[[Spidering and googling AoC|4.2.3 Spidering and googling]]                    <br>
+
[[Testing: Spidering and googling|4.2.3 Spidering and googling]]                    <br>
 
[[Testing for Error Code|4.2.4 Analysis of error code]]                    <br>
 
[[Testing for Error Code|4.2.4 Analysis of error code]]                    <br>
[[Infrastructure configuration management testing AoC|4.2.5 Infrastructure configuration management testing]]<br>
+
[[Testing for infrastructure configuration management|4.2.5 Infrastructure configuration management testing]]<br>
[[SSL/TLS Testing AoC|4.2.5.1 SSL/TLS Testing                        ]]<br>
+
[[Testing for SSL-TLS|4.2.5.1 SSL/TLS Testing                        ]]<br>
[[DB Listener Testing AoC|4.2.5.2 DB Listener Testing                    ]]<br>
+
[[Testing for DB Listener|4.2.5.2 DB Listener Testing                    ]]<br>
[[Application configuration management testing AoC|4.2.6 Application configuration management testing]] <br>
+
[[Testing for application configuration management|4.2.6 Application configuration management testing]] <br>
[[File extensions handling AoC|4.2.6.1 File extensions handling                  ]]<br>
+
[[Testing for file extensions handling|4.2.6.1 File extensions handling                  ]]<br>
[[Old_file_testing_AoC|4.2.6.2 Old, backup and unreferenced files          ]]<br>
+
[[Testing for old_file|4.2.6.2 Old, backup and unreferenced files          ]]<br>
  
[[Business logic testing AoC|'''4.3 Business logic testing''']] <br>
+
[[Testing for business logic|'''4.3 Business logic testing''']] <br>
  
[[Authentication Testing Aoc|'''4.4 Authentication Testing''']]  <br>
+
[[Testing for authentication|'''4.4 Authentication Testing''']]  <br>
[[Default or Guessable User Account Testing AoC|4.4.1 Default or guessable (dictionary) user account]]<br>
+
[[Testing for Default or Guessable User Account|4.4.1 Default or guessable (dictionary) user account]]<br>
[[Brute Force Testing AoC|4.4.2 Brute Force]]<br>
+
[[Testing for Brute Force|4.4.2 Brute Force]]<br>
[[Bypassing Authentication Schema AoC|4.4.3 Bypassing authentication schema]]<br>
+
[[Testing for Bypassing Authentication Schema|4.4.3 Bypassing authentication schema]]<br>
[[Directory Traversal Testing AoC|4.4.4 Directory traversal/file include]] <br>
+
[[Testing for Directory Traversal|4.4.4 Directory traversal/file include]] <br>
[[Vulnerable Remember Password and Pwd Reset AoC|4.4.5 Vulnerable remember password and pwd reset]]<br>
+
[[Testing for Vulnerable Remember Password and Pwd Reset|4.4.5 Vulnerable remember password and pwd reset]]<br>
[[Logout and Browser Cache Management Testing AoC|4.4.6 Logout and Browser Cache Management Testing]]<br>
+
[[Testing for Logout and Browser Cache Management|4.4.6 Logout and Browser Cache Management Testing]]<br>
  
[[Session Management Testing AoC|'''4.5 Session Management Testing''']] <br>
+
[[Testing for Session Management|'''4.5 Session Management Testing''']] <br>
[[ Analysis_of_the_Session_Management_Schema_AoC|4.5.1 Analysis of the Session Management Schema]] <br>
+
[[Testing for Session_Management_Schema|4.5.1 Analysis of the Session Management Schema]] <br>
[[ Cookie and Session Token Manipulation AoC|4.5.2 Cookie and Session Token Manipulation]]<br>
+
[[Testing for Cookie and Session Token Manipulation|4.5.2 Cookie and Session Token Manipulation]]<br>
[[ Exposed Session Variables AoC|4.5.3 Exposed Session Variables ]]<br>
+
[[Testing for Exposed Session Variables|4.5.3 Exposed Session Variables ]]<br>
[[ Session Riding AoC|4.5.4 Session Riding ]]<br>
+
[[Testing for Session Riding|4.5.4 Session Riding ]]<br>
[[ HTTP Exploit AoC|4.5.5 HTTP Exploit ]]<br>
+
[[Testing for HTTP Exploit|4.5.5 HTTP Exploit ]]<br>
  
[[Data Validation Testing AoC|'''4.6 Data Validation Testing''']] <br>
+
[[Testing for Data Validation|'''4.6 Data Validation Testing''']] <br>
[[Cross site scripting AoC|4.6.1 Cross Site Scripting]]<br>
+
[[Testing for Cross site scripting|4.6.1 Cross Site Scripting]]<br>
[[HTTP Methods and XST AoC|4.6.1.1 HTTP Methods and XST ]]<br>
+
[[Testing for HTTP Methods and XST|4.6.1.1 HTTP Methods and XST ]]<br>
 
[[Testing for SQL Injection|4.6.2 SQL Injection ]]<br>
 
[[Testing for SQL Injection|4.6.2 SQL Injection ]]<br>
[[Stored Procedure Injection AoC| Stored procedure injection (moving to Testing for SQL Injection testing) ]]<br>
+
[[Testing for Oracle|4.6.2.1 Oracle Testing ]]<br>
[[Oracle Testing AoC|4.6.2.1 Oracle Testing ]]<br>
+
[[Testing for MySQL|4.6.2.2 MySQL Testing ]]<br>
[[MySQL Testing AoC|4.6.2.2 MySQL Testing ]]<br>
+
[[Testing for SQL Server|4.6.2.3 SQL Server Testing ]]<br>
[[SQL Server Testing AoC|4.6.2.3 SQL Server Testing ]]<br>
+
 
+
[[LDAP Injection Testing AoC|4.6.3 LDAP Injection]]<br>
+
[[ORM Injection Testing AoC|4.6.4 ORM Injection]]<br>
+
[[XML Injection Testing AoC|4.6.5 XML Injection]]<br>
+
[[SSI Injection Testing AoC|4.6.6 SSI Injection]]<br>
+
[[XPath Injection Testing AoC|4.6.7 XPath Injection]]<br>
+
[[IMAP/SMTP Injection Testing AoC|4.6.8 IMAP/SMTP Injection]]<br>
+
[[Code Injection Testing AoC|4.6.9 Code Injection]]<br>
+
[[OS Commanding Testing AoC|4.6.10 OS Commanding]]<br>
+
  
[[Buffer Overflow Testing AoC|4.6.11 Buffer overflow Testing ]]<br>
+
[[Testing for LDAP Injection|4.6.3 LDAP Injection]]<br>
[[Heap Overflow Testing AoC|4.6.11.1 Heap overflow ]]<br>
+
[[Testing for ORM Injection|4.6.4 ORM Injection]]<br>
[[Stack Overflow Testing AoC|4.6.11.2 Stack overflow ]]<br>
+
[[Testing for XML Injection|4.6.5 XML Injection]]<br>
[[Format String Testing AoC|4.6.11.3 Format string ]]<br>
+
[[Testing for SSI Injection|4.6.6 SSI Injection]]<br>
 +
[[Testing for XPath Injection|4.6.7 XPath Injection]]<br>
 +
[[Testing for IMAP/SMTP Injection|4.6.8 IMAP/SMTP Injection]]<br>
 +
[[Testing for Code Injection|4.6.9 Code Injection]]<br>
 +
[[Testing for OS Commanding|4.6.10 OS Commanding]]<br>
  
[[Incubated Vulnerability Testing AoC|4.6.12 Incubated vulnerability testing]] <br>
+
[[Testing for Buffer Overflow|4.6.11 Buffer overflow Testing ]]<br>
 +
[[Testing for Heap Overflow|4.6.11.1 Heap overflow ]]<br>
 +
[[Testing for Stack Overflow|4.6.11.2 Stack overflow ]]<br>
 +
[[Testing for Format String|4.6.11.3 Format string ]]<br>
  
[[Denial of Service Testing AoC|'''4.7 Denial of Service Testing''']] <br>
+
[[Testing for Incubated Vulnerability|4.6.12 Incubated vulnerability testing]] <br>
[[DoS Testing: Locking Customer Accounts|4.7.1 Locking Customer Accounts]]<br>
+
[[DoS Testing: Buffer Overflows|4.7.2 Buffer Overflows]] <br>
+
[[DoS Testing: User Specified Object Allocation|4.7.3 User Specified Object Allocation]] <br>
+
[[DoS Testing: User Input as a Loop Counter|4.7.4 User Input as a Loop Counter]] <br>
+
[[DoS Testing: Writing User Provided Data to Disk|4.7.5 Writing User Provided Data to Disk]]<br>
+
[[DoS Testing: Failure to Release Resources|4.7.6 Failure to Release Resources]] <br>
+
[[DoS Testing: Storing too Much Data in Session|4.7.7 Storing too Much Data in Session]]<br>
+
  
[[Web Services Testing AoC|'''4.8 Web Services Testing''']] <br>
+
[[Testing for Denial of Service|'''4.7 Denial of Service Testing''']] <br>
[[XML Structural Testing AoC|4.8.1 XML Structural Testing ]]<br>
+
[[Testing for DoS Locking Customer Accounts|4.7.1 Locking Customer Accounts]]<br>
[[XML Content-Level Testing AoC|4.8.2 XML Content-level Testing ]]<br>
+
[[Testing for DoS Buffer Overflows|4.7.2 Buffer Overflows]] <br>
[[WS HTTP GET parameters/REST attacks AoC|4.8.3 HTTP GET parameters/REST Testing ]]<br>
+
[[Testing for DoS User Specified Object Allocation|4.7.3 User Specified Object Allocation]] <br>
[[Naughty SOAP attachments AoC|4.8.4 Naughty SOAP attachments ]]<br>
+
[[Testing for User Input as a Loop Counter|4.7.4 User Input as a Loop Counter]] <br>
[[WS Replay Testing|4.8.5 Replay Testing ]]<br>
+
[[Testing for Writing User Provided Data to Disk|4.7.5 Writing User Provided Data to Disk]]<br>
 +
[[Testing for DoS Failure to Release Resources|4.7.6 Failure to Release Resources]] <br>
 +
[[Testing for Storing too Much Data in Session|4.7.7 Storing too Much Data in Session]]<br>
  
[[AJAX Testing AoC|'''4.9 AJAX Testing''']] <br>
+
[[Testing for Web Services|'''4.8 Web Services Testing''']] <br>
[[AJAX Vulnerabilities AoC |4.9.1 AJAX Vulnerabilities ]]<br>
+
[[Testing for XML Structural|4.8.1 XML Structural Testing ]]<br>
[[AJAX How to test AoC|4.9.2 How to test AJAX ]]<br>
+
[[Testing for XML Content-Level|4.8.2 XML Content-level Testing ]]<br>
 +
[[Testing for WS HTTP GET parameters/REST attacks|4.8.3 HTTP GET parameters/REST Testing ]]<br>
 +
[[Testing for Naughty SOAP Attachments|4.8.4 Naughty SOAP attachments ]]<br>
 +
[[Testing for WS Replay|4.8.5 Replay Testing ]]<br>
  
[[OWASP_Testing_Guide_v2_Table_of_Contents]]
+
[[Testing_for_AJAX:_introduction|'''4.9 AJAX Testing''']] <br>
 +
[[Testing for AJAX Vulnerabilities|4.9.1 AJAX Vulnerabilities ]]<br>
 +
[[Testing for AJAX|4.9.2 How to test AJAX ]]<br>

Revision as of 11:25, 30 December 2006

4. Web Application Penetration Testing

4.1 Introduction and objectives

4.2 Information Gathering

4.2.1 Testing Web Application Fingerprint
4.2.2 Application Discovery
4.2.3 Spidering and googling
4.2.4 Analysis of error code
4.2.5 Infrastructure configuration management testing
4.2.5.1 SSL/TLS Testing
4.2.5.2 DB Listener Testing
4.2.6 Application configuration management testing
4.2.6.1 File extensions handling
4.2.6.2 Old, backup and unreferenced files

4.3 Business logic testing

4.4 Authentication Testing
4.4.1 Default or guessable (dictionary) user account
4.4.2 Brute Force
4.4.3 Bypassing authentication schema
4.4.4 Directory traversal/file include
4.4.5 Vulnerable remember password and pwd reset
4.4.6 Logout and Browser Cache Management Testing

4.5 Session Management Testing
4.5.1 Analysis of the Session Management Schema
4.5.2 Cookie and Session Token Manipulation
4.5.3 Exposed Session Variables
4.5.4 Session Riding
4.5.5 HTTP Exploit

4.6 Data Validation Testing
4.6.1 Cross Site Scripting
4.6.1.1 HTTP Methods and XST
4.6.2 SQL Injection
4.6.2.1 Oracle Testing
4.6.2.2 MySQL Testing
4.6.2.3 SQL Server Testing

4.6.3 LDAP Injection
4.6.4 ORM Injection
4.6.5 XML Injection
4.6.6 SSI Injection
4.6.7 XPath Injection
4.6.8 IMAP/SMTP Injection
4.6.9 Code Injection
4.6.10 OS Commanding

4.6.11 Buffer overflow Testing
4.6.11.1 Heap overflow
4.6.11.2 Stack overflow
4.6.11.3 Format string

4.6.12 Incubated vulnerability testing

4.7 Denial of Service Testing
4.7.1 Locking Customer Accounts
4.7.2 Buffer Overflows
4.7.3 User Specified Object Allocation
4.7.4 User Input as a Loop Counter
4.7.5 Writing User Provided Data to Disk
4.7.6 Failure to Release Resources
4.7.7 Storing too Much Data in Session

4.8 Web Services Testing
4.8.1 XML Structural Testing
4.8.2 XML Content-level Testing
4.8.3 HTTP GET parameters/REST Testing
4.8.4 Naughty SOAP attachments
4.8.5 Replay Testing

4.9 AJAX Testing
4.9.1 AJAX Vulnerabilities
4.9.2 How to test AJAX