Difference between revisions of "Web Application Penetration Testing"

From OWASP
Jump to: navigation, search
(47 intermediate revisions by 8 users not shown)
Line 1: Line 1:
[[OWASP_Testing_Guide_v2_Table_of_Contents]]
+
{{Template:OWASP Testing Guide v3}}
  
== Web Application Penetration Testing ==
+
The following paragraphs describe the Web Application Penetration Testing Methology, split into the 11 subcategories:
  
4.1 [[Introduction and objectives Testing AoC|Introduction and objectives]] (0%, TD) <br>
+
[[Testing: Introduction and objectives|'''4.1 Introduction and Objectives''']]
4.2 [[Information Gathering Testing AoC|Information Gathering (spider, google)]] (0%, TD)<br>
+
4.3 [[Business logic testing AoC|Business logic testing]] (50%, TD)<br>
+
  
4.4 [[Authentication Testing Aoc|Authentication Testing]] (50%, TD) <br>
+
[[Testing: Information Gathering|'''4.2 Information Gathering''']]
4.4.1 Default or guessable (dictionary) user account 90% TD<br>
+
4.4.2 Brute Force 0% TD<br>
+
4.4.3 Bypassing authentication schema 0% TD<br>
+
4.4.4 Vulnerable remember password and pwd reset 90% TD<br>
+
4.4.5 Logout and account expiry 0% TD<br>
+
  
4.5 [[Session Management Testing AoC|Session Management Testing]] (0%, TD) <br>
+
[[Testing_for_configuration_management|'''4.3 Configuration Management Testing''']]
4.5.1 Cookie and Session token Manipulation(reg, forg/brute force) 100% Review<br>
+
4.5.2 Weak session tokens 70% TD<br>
+
4.5.3 Session Riding 100% Review<br>
+
4.5.4 Exposed session variables 0% TD<br>
+
4.5.5 HTTP Exploit 0% TD<br>
+
  
4.6 [[Data Validation Testing AoC|Data Validation Testing]] (0%, TD) <br>
+
[[Testing for business logic  (OWASP-BL-001)|'''4.4 Business logic testing''']]
4.6.1 Cross site scripting 0% TD<br>
+
4.6.1.1 Incubated attacks 0% TD<br>
+
4.6.1.2 Phishing (using javascript) 0% TD<br>
+
4.6.1.3 HTTP Methods + XSS (TRACE) 0% TD<br>
+
4.6.2 SQL Injection 0% TD<br>
+
4.6.2.1 Oracle, mySQL, SQL Server, TeraData 0% TD<br>
+
4.6.2.2 Extended stored procedures 0% TD<br>
+
4.6.2.3 Stored procedure injection 0% TD<br>
+
4.6.2.4 Oracle +SQLServer ports and attacks 0% TD<br>
+
4.6.2.5 Listener attacks etc. 1521 1433 1527 0% TD<br>
+
4.6.3 Orm injection 0% TD<br>
+
4.6.4 Ldap injection 0% TD<br>
+
4.6.5 Xml injection 0% TD<br>
+
4.6.6 Code injection 0% TD<br>
+
4.6.7 Buffer overflow Testing 100% Review<br>
+
4.6.7.1 Heap overflow 100% Review<br>
+
4.6.7.2 Stack overflow 100% Review<br>
+
4.6.7.3 Format string 100% Review<br>
+
  
4.7 [[Denial of Service Testing AoC|Denial of Service Testing]] (95%, Review)<br>
+
[[Testing for authentication|'''4.5 Authentication Testing''']]
4.7.1 Locking Customer Accounts 100% Review<br>
+
4.7.2 Buffer Overflows 100% Review<br>
+
4.7.3 User Specified Object Allocation 100% Review<br>
+
4.7.4 User Input as a Loop Counter 100% Review<br>
+
4.7.5 Writing User Provided Data to Disk 100% Review<br>
+
4.7.6 Failure to Release Resources 100% Review<br>
+
4.7.7 Storing too Much Data in Session 90% Review<br>
+
  
4.8 [[Infrastructure and configuration Testing AoC|Infrastructure and configuration Testing]] (0%, TD)<br>
+
[[Testing for Authorization|'''4.6 Authorization Testing''']]
4.8.1 Intro and objective 0% TD<br>
+
4.8.2 Infrastructure configuration management testing 100% TD<br>
+
4.8.3 Application configuration management testing 100% TD<br>
+
4.8.4 Old, backup and unreferenced files 100% TD<br>
+
4.8.5 File extensions handling 90% TD<br>
+
4.8.6 Analisys of error code 50% TD<br>
+
4.8.7 SSL/TLS Testing: support of weak ciphers and cert validity 100% TD<br>
+
4.8.8 Testing defense from Automatic attacks (maybe a duplicate) 10% TD<br>
+
  
4.9 [[Web Services Testing AoC|Web Services Testing]] (0%, TD)<br>
+
[[Testing for Session Management|'''4.7 Session Management Testing''']]
4.9.1 XML Structural Attacks 0% TD<br>
+
4.9.2 XML content-level attacks 0% TD<br>
+
4.9.3 HTTP GET parameters/REST attacks 0% TD<br>
+
4.9.4 Naughty SOAP attachments 0% TD<br>
+
4.9.5 Brute force attacks 0% TD<br>
+
  
4.10 [[AJAX Testing AoC|AJAX Testing]] (0%, TD)<br>
+
[[Testing for Data Validation|'''4.8 Data Validation Testing''']]
4.10.1 Vulnerabilities 0% TD<br>
+
4.10.2 How to test 0% TD<br>
+
  
 +
[[Testing for Denial of Service|'''4.9 Testing for Denial of Service''']]
  
[[OWASP_Testing_Guide_v2_Table_of_Contents]]
+
[[Testing for Web Services|'''4.10 Web Services Testing''']]
 +
 
 +
[[Testing_for_AJAX:_introduction|'''4.11 Ajax Testing''']]

Revision as of 12:50, 7 December 2008

OWASP Testing Guide v3 Table of Contents

This article is part of the OWASP Testing Guide v3. The entire OWASP Testing Guide v3 can be downloaded here.

OWASP at the moment is working at the OWASP Testing Guide v4: you can browse the Guide here


The following paragraphs describe the Web Application Penetration Testing Methology, split into the 11 subcategories:

4.1 Introduction and Objectives

4.2 Information Gathering

4.3 Configuration Management Testing

4.4 Business logic testing

4.5 Authentication Testing

4.6 Authorization Testing

4.7 Session Management Testing

4.8 Data Validation Testing

4.9 Testing for Denial of Service

4.10 Web Services Testing

4.11 Ajax Testing