Certificate Authentication

Introduction

Exploring the OWASP Testing Project

• Principles of testing
• Testing techniques
• Deriving security test requirements
• Security tests integrated in development and testing workflows
• Security test data analysis and reporting

Working with the OWASP Testing Framework

• Phase 1: Before development begins
• Phase 2: During definition and design
• Phase 3: During development
• Phase 4: During deployment
• Phase 5: Maintenance and operations
• A typical lifecycle testing workflow
• Penetration testing methodologies

Testing the Web Application Security

• Introduction and objectives
• Information gathering
• Conduct search engine discovery and reconnaissance for information leakage
• Fingerprint web server
• Review webserver metafiles for information leakage
• Enumerate applications on webserver
• Review webpage content for information leakage
• Identify application entry points
• Map execution paths through application
• Fingerprint web application framework
• Fingerprint web application
• Map application architecture
• Configuration and deployment management testing
• Test network/infrastructure configuration
• Test application platform configuration
• Test file extensions handling for sensitive information
• Review old, backup, and unreferenced files for sensitive information
• Enumerate infrastructure and application admin interfaces
• Test HTTP methods
• Test HTTP strict transport security
• Test RIA cross domain policy
• Test file permission
• Test for subdomain takeover
• Test cloud storage

Identity Management Testing

• Test role definitions
• Test user registration process
• Test account provisioning process
• Testing for account enumeration and guessable user account
• Testing for weak or unenforced username policy

Authentication Testing

• Testing for credentials transported over an encrypted channel
• Testing for default credentials
• Testing for weak lock out mechanism
• Testing for bypassing authentication schema
• Testing for vulnerable remember password
• Testing for browser cache weakness
• Testing for weak password policy
• Testing for weak security question answer
• Testing for weak password change or reset functionalities
• Testing for weaker authentication in alternative channel

Authorization Testing

• Testing directory traversal/file include
• Testing for bypassing authorization schema
• Testing for privilege escalation
• Testing for insecure direct object references

Session Management Testing

• Testing for session management schema
• Testing for cookies attributes
• Testing for session fixation
• Testing for exposed session variables
• Testing for cross site request forgery
• Testing for logout functionality
• Testing session timeout
• Testing for session puzzling
• Testing for session hijacking

Input Validation Testing

• Testing for reflected cross site scripting
• Testing for stored cross site scripting
• Testing for HTTP verb tampering
• Testing for HTTP parameter pollution
• Testing for SQL injection
• Testing for Oracle
• Testing for MySQL
• Testing for SQL server
• Testing for PostgreSQL
• Testing for MS Access
• Testing for NoSQL injection
• Testing for ORM injection
• Testing for Client-side
• Testing for LDAP injection
• Testing for XML injection
• Testing for SSI injection
• Testing for XPath injection
• Testing for IMAP/SMTP injection
• Testing for code injection
• Testing for local file inclusion
• Testing for remote file inclusion
• Testing for command injection
• Testing for format string injection
• Testing for incubated vulnerability
• Testing for HTTP splitting/smuggling
• Testing for HTTP incoming requests
• Testing for host header injection
• Testing for server-side template injection
• Testing for server-side request forgery

Testing for Error Handling

• Testing for improper error handling
• Testing for stack traces

Testing for Weak Cryptography

• Testing for weak Transport Layer Security
• Testing for padding Oracle
• Testing for sensitive information sent via unencrypted channels
• Testing for weak encryption

Business Logic Testing

• Introduction to business logic
• Test business logic data validation
• Test ability to forge requests
• Test integrity checks
• Test for process timing
• Test number of times a function can be used limits
• Testing for the circumvention of work flows
• Test defenses against application misuse
• Test upload of unexpected file types
• Test upload of malicious files

Client-Side Testing

• Testing for DOM-based cross site scripting
• Testing for JavaScript execution
• Testing for HTML injection
• Testing for client-side URL redirect 
• Testing for CSS injection
• Testing for client-side resource manipulation
• Testing cross origin resource sharing
• Testing for cross site flashing
• Testing for clickjacking
• Testing WebSockets
• Testing web messaging
• Testing browser storage
• Testing for cross site script inclusion

API Testing

• Testing GraphQL

Reporting

• Introduction
• Executive summary
• Findings
• Appendices