OWASP Projects and Application Security
- OWASP Testing and Assessment Guides
- Web Security Testing Guide
- Testing Framework Fundamentals
- Information Gathering
- Conduct Search Engine Discovery
- Fingerprint Web Server
- Review Webserver Metafiles
- Enumerate Applications on Webserver
- Review Webpage Comments and Metadata
- Identify Application Entry Points
- Map Execution Paths Through Application
- Fingerprint Web Application Framework
- Fingerprint Web Application
- Map Application Architecture
- Configuration and Deployment Management Testing
- Test Network Infrastructure Configuration
- Test Application Platform Configuration
- Test File Extensions Handling
- Review Old Backup and Unreferenced Files
- Enumerate Infrastructure and Application Admin Interfaces
- Test HTTP Methods
- Test HTTP Strict Transport Security
- Test RIA Cross Domain Policy
- Test File Permission
- Test for Subdomain Takeover
- Test Cloud Storage
- Identity Management Testing
- Authentication Testing
- Test for Credentials Transported over Encrypted Channel
- Test for Default Credentials
- Test for Weak Lock Out Mechanism
- Test for Bypassing Authentication Schema
- Test for Vulnerable Remember Password
- Test for Browser Cache Weaknesses
- Test for Weak Password Policy
- Test for Weak Security Question Answer
- Test for Weak Password Change or Reset Functionalities
- Test for Weaker Authentication in Alternative Channel
- Session Management Testing
- Input Validation Testing
- Test for Reflected Cross Site Scripting
- Test for Stored Cross Site Scripting
- Test for HTTP Verb Tampering
- Test for HTTP Parameter Pollution
- Test for SQL Injection
- Test for LDAP Injection
- Test for XML Injection
- Test for SSI Injection
- Test for XPath Injection
- Test for IMAP SMTP Injection
- Test for Code Injection
- Test for Command Injection
- Test for Format String Injection
- Test for Incubated Vulnerability
- Test for HTTP Splitting Smuggling
- Test for HTTP Incoming Requests
- Test for Host Header Injection
- Test for Server Side Template Injection
- Error Handling Testing
- Cryptography Testing
- Business Logic Testing
- Test Business Logic Data Validation
- Test for Forged Requests
- Test for Integrity Checks
- Test for Process Timing
- Test Number of Times a Function Can Be Used Limits
- Test for Circumvention of Work Flows
- Test Defenses Against Application Misuse
- Test for Upload of Unexpected File Types
- Test for Upload of Malicious Files
- Client-Side Testing
- Test for DOM Based Cross Site Scripting
- Test for JavaScript Execution
- Test for HTML Injection
- Test for Client Side URL Redirect
- Test for CSS Injection
- Test for Client Side Resource Manipulation
- Test Cross Origin Resource Sharing
- Test for Cross Site Flashing
- Test for Clickjacking
- Test WebSockets
- Test Web Messaging
- Test Browser Storage
- Test for Cross Site Script Inclusion
- Mobile Application Security Testing Guide
- Mobile Security Testing Fundamentals
- General Mobile Application Testing Guide
- Android Testing Guide
- Platform Overview
- Android Security Testing Basics
- Data Storage on Android
- Android Cryptographic APIs
- Local Authentication on Android
- Android Network Communication
- Android Platform APIs
- Code Quality and Build Settings for Android Apps
- Tampering and Reverse Engineering on Android
- Android Anti-Reversing Defenses
- iOS Testing Guide
- API Security Testing Guide