Difference between revisions of "Web Application Penetration Testing"

From OWASP
Jump to: navigation, search
(Final edit)
(48 intermediate revisions by 9 users not shown)
Line 1: Line 1:
Please refer to [[OWASP_Testing_Guide_v2_Table_of_Contents]] for updated information about the progress status of each article.
+
{{Template:OWASP Testing Guide v4}}
  
== Web Application Penetration Testing ==
+
The following sections describe the 12 subcategories of the  Web Application Penetration Testing Methodology:
  
4.1 [[Introduction and objectives Testing AoC|Introduction and objectives]] (0%, TD) <br>
+
[[Testing: Introduction and objectives|'''4.1 Introduction and Objectives''']]
4.2 [[Information Gathering Testing AoC|Information Gathering (spider, google)]] (0%, TD)<br>
+
4.3 [[Business logic testing AoC|Business logic testing]] (50%, TD)<br>
+
  
4.4 [[Authentication Testing Aoc|Authentication Testing]] (50%, TD) <br>
+
[[Testing Information Gathering|'''4.2 Information Gathering ''']]
4.4.1 Default or guessable (dictionary) user account 90% TD<br>
+
4.4.2 Brute Force 0% TD<br>
+
4.4.3 Bypassing authentication schema 0% TD<br>
+
4.4.4 Vulnerable remember password and pwd reset 90% TD<br>
+
4.4.5 Logout and account expiry 0% TD<br>
+
  
4.5 [[Session Management Testing AoC|Session Management Testing]] (0%, TD) <br>
+
[[Testing for configuration management|'''4.3 Configuration and Deploy Management Testing ''']]
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) 100% Review<br>
+
4.5.2 Weak session tokens 70% TD<br>
+
4.5.3 Session Riding 100% Review<br>
+
4.5.4 Exposed session variables 0% TD<br>
+
4.5.5 HTTP Exploit 0% TD<br>
+
  
4.6 [[Data Validation Testing AoC|Data Validation Testing]] (0%, TD) <br>
+
[[Testing Identity Management|'''4.4 Identity Management Testing''']]
4.6.1 Cross site scripting 0% TD<br>
+
4.6.1.1 Incubated attacks 0% TD<br>
+
4.6.1.2 Phishing (using javascript) 0% TD<br>
+
4.6.1.3 HTTP Methods + XSS (TRACE) 0% TD<br>
+
4.6.2 SQL Injection 0% TD<br>
+
4.6.2.1 Oracle, mySQL, SQL Server, TeraData 0% TD<br>
+
4.6.2.2 Extended stored procedures 0% TD<br>
+
4.6.2.3 Stored procedure injection 0% TD<br>
+
4.6.2.4 Oracle +SQLServer ports and attacks 0% TD<br>
+
4.6.2.5 Listener attacks etc. 1521 1433 1527 0% TD<br>
+
4.6.3 Command Execution 0%, TD <br>
+
Orm injection 0% TD,
+
ORM Injection,
+
LDAP Injection,
+
XML Injection,
+
SSI Injection,
+
XPath Injection,
+
SQL Injection,
+
IMAP/SMTP Injection,
+
Code Injection,
+
OS Commanding<br>
+
4.6.4 Buffer overflow Testing 100% Review<br>
+
4.6.4.1 Heap overflow 100% Review<br>
+
4.6.4.2 Stack overflow 100% Review<br>
+
4.6.4.3 Format string 100% Review<br>
+
  
4.7 [[Denial of Service Testing AoC|Denial of Service Testing]] (95%, Review)<br>
+
[[Testing for authentication|'''4.5 Authentication Testing ''']]  
4.7.1 Locking Customer Accounts 100% Review<br>
+
4.7.2 Buffer Overflows 100% Review<br>
+
4.7.3 User Specified Object Allocation 100% Review<br>
+
4.7.4 User Input as a Loop Counter 100% Review<br>
+
4.7.5 Writing User Provided Data to Disk 100% Review<br>
+
4.7.6 Failure to Release Resources 100% Review<br>
+
4.7.7 Storing too Much Data in Session 90% Review<br>
+
  
4.8 [[Infrastructure and configuration Testing AoC|Infrastructure and configuration Testing]] (0%, TD)<br>
+
[[Testing for Authorization|'''4.6 Authorization Testing''']]
4.8.1 Intro and objective 0% TD<br>
+
4.8.2 Infrastructure configuration management testing 100% TD<br>
+
4.8.3 Application configuration management testing 100% TD<br>
+
4.8.4 Old, backup and unreferenced files 100% TD<br>
+
4.8.5 File extensions handling 90% TD<br>
+
4.8.6 Analisys of error code 50% TD<br>
+
4.8.7 SSL/TLS Testing: support of weak ciphers and cert validity 100% TD<br>
+
4.8.8 Testing defense from Automatic attacks (maybe a duplicate) 10% TD<br>
+
  
4.9 [[Web Services Testing AoC|Web Services Testing]] (0%, TD)<br>
+
[[Testing for Session Management|'''4.7 Session Management Testing''']]
4.9.1 XML Structural Attacks 0% TD<br>
+
4.9.2 XML content-level attacks 0% TD<br>
+
4.9.3 HTTP GET parameters/REST attacks 0% TD<br>
+
4.9.4 Naughty SOAP attachments 0% TD<br>
+
4.9.5 Brute force attacks 0% TD<br>
+
  
4.10 [[AJAX Testing AoC|AJAX Testing]] (0%, TD)<br>
+
[[Testing for Data Validation|'''4.8 Data Validation Testing''']]  
4.10.1 Vulnerabilities 0% TD<br>
+
4.10.2 How to test 0% TD<br>
+
  
 +
[[Error Handling|'''4.9 Error Handling''']]
  
[[OWASP_Testing_Guide_v2_Table_of_Contents]]
+
[[Cryptography|'''4.10 Cryptography''']]
 +
 
 +
[[Testing for business logic|'''4.11 Business Logic Testing ''']]
 +
 
 +
[[Client Side Testing|'''4.12 Client Side Testing''']]

Revision as of 03:06, 13 May 2014

This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project


The following sections describe the 12 subcategories of the Web Application Penetration Testing Methodology:

4.1 Introduction and Objectives

4.2 Information Gathering

4.3 Configuration and Deploy Management Testing

4.4 Identity Management Testing

4.5 Authentication Testing

4.6 Authorization Testing

4.7 Session Management Testing

4.8 Data Validation Testing

4.9 Error Handling

4.10 Cryptography

4.11 Business Logic Testing

4.12 Client Side Testing