Difference between revisions of "Web Application Penetration Testing"

From OWASP
Jump to: navigation, search
(Web Application Penetration Testing)
(48 intermediate revisions by 8 users not shown)
Line 1: Line 1:
== Web Application Penetration Testing ==
+
{{Template:OWASP Testing Guide v3}}
  
4.1 [[Introduction and objectives Testing AoC|Introduction and objectives]] (0%, TD) <br>
+
The following paragraphs describe the Web Application Penetration Testing Methology, split into the 11 subcategories:
4.2 [[Information Gathering Testing AoC|Information Gathering (spider, google)]] (0%, TD)<br>
+
4.3 [[Business logic testing AoC|Business logic testing]] (50%, TD)<br>
+
  
4.4 [[Authentication Testing Aoc|Authentication Testing]] (50%, TD) <br>
+
[[Testing: Introduction and objectives|'''4.1 Introduction and Objectives''']]
4.4.1 Default or guessable (dictionary) user account 90% TD<br>
+
4.4.2 Brute Force 0% TD<br>
+
4.4.3 Bypassing authentication schema 0% TD<br>
+
4.4.4 Vulnerable remember password and pwd reset 90% TD<br>
+
4.4.5 Logout and account expiry 0% TD<br>
+
  
4.5 [[Session Management Testing AoC|Session Management Testing]] (0%, TD) <br>
+
[[Testing: Information Gathering|'''4.2 Information Gathering''']]
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) 100% Review<br>
+
4.5.2 Weak session tokens 70% TD<br>
+
4.5.3 Session Riding 100% Review<br>
+
4.5.4 Exposed session variables 0% TD<br>
+
4.5.5 HTTP Exploit 0% TD<br>
+
  
4.6 [[Data Validation Testing AoC|Data Validation Testing]] (0%, TD) <br>
+
[[Testing_for_configuration_management|'''4.3 Configuration Management Testing''']]
4.6.1 Cross site scripting 0% TD<br>
+
4.6.1.1 Incubated attacks 0% TD<br>
+
4.6.1.2 Phishing (using javascript) 0% TD<br>
+
4.6.1.3 HTTP Methods + XSS (TRACE) 0% TD<br>
+
4.6.2 SQL Injection 0% TD<br>
+
4.6.2.1 Oracle, mySQL, SQL Server, TeraData 0% TD<br>
+
4.6.2.2 Extended stored procedures 0% TD<br>
+
4.6.2.3 Stored procedure injection 0% TD<br>
+
4.6.2.4 Oracle +SQLServer ports and attacks 0% TD<br>
+
4.6.2.5 Listener attacks etc. 1521 1433 1527 0% TD<br>
+
4.6.3 Orm injection 0% TD<br>
+
4.6.4 Ldap injection 0% TD<br>
+
4.6.5 Xml injection 0% TD<br>
+
4.6.6 Code injection 0% TD<br>
+
4.6.7 Buffer overflow Testing 100% Review<br>
+
4.6.7.1 Heap overflow 100% Review<br>
+
4.6.7.2 Stack overflow 100% Review<br>
+
4.6.7.3 Format string 100% Review<br>
+
  
4.7 [[Denial of Service Testing AoC|Denial of Service Testing]] (95%, Review)<br>
+
[[Testing for business logic  (OWASP-BL-001)|'''4.4 Business logic testing''']]
4.7.1 Locking Customer Accounts 100% Review<br>
+
4.7.2 Buffer Overflows 100% Review<br>
+
4.7.3 User Specified Object Allocation 100% Review<br>
+
4.7.4 User Input as a Loop Counter 100% Review<br>
+
4.7.5 Writing User Provided Data to Disk 100% Review<br>
+
4.7.6 Failure to Release Resources 100% Review<br>
+
4.7.7 Storing too Much Data in Session 90% Review<br>
+
  
4.8 [[Infrastructure and configuration Testing AoC|Infrastructure and configuration Testing]] (0%, TD)<br>
+
[[Testing for authentication|'''4.5 Authentication Testing''']]
4.8.1 Intro and objective 0% TD<br>
+
4.8.2 Infrastructure configuration management testing 100% TD<br>
+
4.8.3 Application configuration management testing 100% TD<br>
+
4.8.4 Old, backup and unreferenced files 100% TD<br>
+
4.8.5 File extensions handling 90% TD<br>
+
4.8.6 Analisys of error code 50% TD<br>
+
4.8.7 SSL/TLS Testing: support of weak ciphers and cert validity 100% TD<br>
+
4.8.8 Testing defense from Automatic attacks (maybe a duplicate) 10% TD<br>
+
  
4.9 [[Web Services Testing AoC|Web Services Testing]] (0%, TD)<br>
+
[[Testing for Authorization|'''4.6 Authorization Testing''']]
4.9.1 XML Structural Attacks 0% TD<br>
+
4.9.2 XML content-level attacks 0% TD<br>
+
4.9.3 HTTP GET parameters/REST attacks 0% TD<br>
+
4.9.4 Naughty SOAP attachments 0% TD<br>
+
4.9.5 Brute force attacks 0% TD<br>
+
  
4.10 [[AJAX Testing AoC|AJAX Testing]] (0%, TD)<br>
+
[[Testing for Session Management|'''4.7 Session Management Testing''']]
4.10.1 Vulnerabilities 0% TD<br>
+
4.10.2 How to test 0% TD<br>
+
  
 +
[[Testing for Data Validation|'''4.8 Data Validation Testing''']]
  
[[Testing Guide v2 Table of Content]]
+
[[Testing for Denial of Service|'''4.9 Testing for Denial of Service''']]
 +
 
 +
[[Testing for Web Services|'''4.10 Web Services Testing''']]
 +
 
 +
[[Testing_for_AJAX:_introduction|'''4.11 Ajax Testing''']]

Revision as of 12:50, 7 December 2008

OWASP Testing Guide v3 Table of Contents

This article is part of the OWASP Testing Guide v3. The entire OWASP Testing Guide v3 can be downloaded here.

OWASP at the moment is working at the OWASP Testing Guide v4: you can browse the Guide here


The following paragraphs describe the Web Application Penetration Testing Methology, split into the 11 subcategories:

4.1 Introduction and Objectives

4.2 Information Gathering

4.3 Configuration Management Testing

4.4 Business logic testing

4.5 Authentication Testing

4.6 Authorization Testing

4.7 Session Management Testing

4.8 Data Validation Testing

4.9 Testing for Denial of Service

4.10 Web Services Testing

4.11 Ajax Testing