# Input Validation Testing 4.7.1 [Testing for Reflected Cross Site Scripting](/4-web_application_security_testing/07-input_validation_testing/01-testing_for_reflected_cross_site_scripting.md) 4.7.2 [Testing for Stored Cross Site Scripting](/4-web_application_security_testing/07-input_validation_testing/02-testing_for_stored_cross_site_scripting.md) 4.7.3 [Testing for HTTP Verb Tampering](/4-web_application_security_testing/07-input_validation_testing/03-testing_for_http_verb_tampering.md) 4.7.4 [Testing for HTTP Parameter Pollution](/4-web_application_security_testing/07-input_validation_testing/04-testing_for_http_parameter_pollution.md) 4.7.5 [Testing for SQL Injection](/4-web_application_security_testing/07-input_validation_testing/05-testing_for_sql_injection.md) * 4.7.5.1 [Testing for Oracle](/4-web_application_security_testing/07-input_validation_testing/05.1-testing_for_oracle.md) * 4.7.5.2 [Testing for MySQL](/4-web_application_security_testing/07-input_validation_testing/05.2-testing_for_mysql.md) * 4.7.5.3 [Testing for SQL Server](/4-web_application_security_testing/07-input_validation_testing/05.3-testing_for_sql_server.md) * 4.7.5.4 [Testing PostgreSQL](/4-web_application_security_testing/07-input_validation_testing/05.4-testing_postgresql.md) * 4.7.5.5 [Testing for MS Access](/4-web_application_security_testing/07-input_validation_testing/05.5-testing_for_ms_access.md) * 4.7.5.6 [Testing for NoSQL Injection](/4-web_application_security_testing/07-input_validation_testing/05.6-testing_for_nosql_injection.md) * 4.7.5.7 [Testing for ORM Injection](/4-web_application_security_testing/07-input_validation_testing/05.7-testing_for_orm_injection.md) * 4.7.5.8 [Testing for Client-side](/4-web_application_security_testing/07-input_validation_testing/05.8-testing_for_client-side.md) 4.7.6 [Testing for LDAP Injection](/4-web_application_security_testing/07-input_validation_testing/06-testing_for_ldap_injection.md) 4.7.7 [Testing for XML Injection](/4-web_application_security_testing/07-input_validation_testing/07-testing_for_xml_injection.md) 4.7.8 [Testing for SSI Injection](/4-web_application_security_testing/07-input_validation_testing/08-testing_for_ssi_injection.md) 4.7.9 [Testing for XPath Injection](/4-web_application_security_testing/07-input_validation_testing/09-testing_for_xpath_injection.md) 4.7.10 [Testing for IMAP SMTP Injection](/4-web_application_security_testing/07-input_validation_testing/10-testing_for_imap_smtp_injection.md) 4.7.11 [Testing for Code Injection](/4-web_application_security_testing/07-input_validation_testing/11-testing_for_code_injection.md) * 4.7.11.1 [Testing for File Inclusion](/4-web_application_security_testing/07-input_validation_testing/11.1-testing_for_file_inclusion.md) 4.7.12 [Testing for Command Injection](/4-web_application_security_testing/07-input_validation_testing/12-testing_for_command_injection.md) 4.7.13 [Testing for Format String Injection](/4-web_application_security_testing/07-input_validation_testing/13-testing_for_format_string_injection.md) 4.7.14 [Testing for Incubated Vulnerability](/4-web_application_security_testing/07-input_validation_testing/14-testing_for_incubated_vulnerability.md) 4.7.15 [Testing for HTTP Splitting Smuggling](/4-web_application_security_testing/07-input_validation_testing/15-testing_for_http_splitting_smuggling.md) 4.7.16 [Testing for HTTP Incoming Requests](/4-web_application_security_testing/07-input_validation_testing/16-testing_for_http_incoming_requests.md) 4.7.17 [Testing for Host Header Injection](/4-web_application_security_testing/07-input_validation_testing/17-testing_for_host_header_injection.md) 4.7.18 [Testing for Server-side Template Injection](/4-web_application_security_testing/07-input_validation_testing/18-testing_for_server-side_template_injection.md) 4.7.19 [Testing for Server-Side Request Forgery](/4-web_application_security_testing/07-input_validation_testing/19-testing_for_server-side_request_forgery.md) 4.7.20 [Testing for Mass Assignment](/4-web_application_security_testing/07-input_validation_testing/20-testing_for_mass_assignment.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://owasp.boireau.io/4-web_application_security_testing/07-input_validation_testing.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.