OWASP Testing Guide

Testing Checklist

The following is the list of items to test during the assessment:

Note: The Status column can be set to values such as "Pass", "Fail", or "N/A".

| Test ID | Test Name | Status | Notes |
|---|---|---|---|
| WSTG-INFO | Information Gathering | | |
| WSTG-INFO-01 | Conduct Search Engine Discovery and Reconnaissance for Information Leakage | | |
| WSTG-INFO-02 | Fingerprint Web Server | | |
| WSTG-INFO-03 | Review Webserver Metafiles for Information Leakage | | |
| WSTG-INFO-04 | Enumerate Applications on Webserver | | |
| WSTG-INFO-05 | Review Webpage Content for Information Leakage | | |
| WSTG-INFO-06 | Identify Application Entry Points | | |
| WSTG-INFO-07 | Map Execution Paths Through Application | | |
| WSTG-INFO-08 | Fingerprint Web Application Framework | | |
| WSTG-INFO-09 | Fingerprint Web Application | | |
| WSTG-INFO-10 | Map Application Architecture | | |
| WSTG-CONF | Configuration and Deploy Management Testing | | |
| WSTG-CONF-01 | Test Network Infrastructure Configuration | | |
| WSTG-CONF-02 | Test Application Platform Configuration | | |
| WSTG-CONF-03 | Test File Extensions Handling for Sensitive Information | | |
| WSTG-CONF-04 | Review Old Backup and Unreferenced Files for Sensitive Information | | |
| WSTG-CONF-05 | Enumerate Infrastructure and Application Admin Interfaces | | |
| WSTG-CONF-06 | Test HTTP Methods | | |
| WSTG-CONF-07 | Test HTTP Strict Transport Security | | |
| WSTG-CONF-08 | Test RIA Cross Domain Policy | | |
| WSTG-CONF-09 | Test File Permission | | |
| WSTG-CONF-10 | Test for Subdomain Takeover | | |
| WSTG-CONF-11 | Test Cloud Storage | | |
| WSTG-CONF-12 | Testing for Content Security Policy | | |
| WSTG-IDNT | Identity Management Testing | | |
| WSTG-IDNT-01 | Test Role Definitions | | |
| WSTG-IDNT-02 | Test User Registration Process | | |
| WSTG-IDNT-03 | Test Account Provisioning Process | | |
| WSTG-IDNT-04 | Testing for Account Enumeration and Guessable User Account | | |
| WSTG-IDNT-05 | Testing for Weak or Unenforced Username Policy | | |
| WSTG-ATHN | Authentication Testing | | |
| WSTG-ATHN-01 | Testing for Credentials Transported over an Encrypted Channel | | |
| WSTG-ATHN-02 | Testing for Default Credentials | | |
| WSTG-ATHN-03 | Testing for Weak Lock Out Mechanism | | |
| WSTG-ATHN-04 | Testing for Bypassing Authentication Schema | | |
| WSTG-ATHN-05 | Testing for Vulnerable Remember Password | | |
| WSTG-ATHN-06 | Testing for Browser Cache Weakness | | |
| WSTG-ATHN-07 | Testing for Weak Password Policy | | |
| WSTG-ATHN-08 | Testing for Weak Security Question Answer | | |
| WSTG-ATHN-09 | Testing for Weak Password Change or Reset Functionalities | | |
| WSTG-ATHN-10 | Testing for Weaker Authentication in Alternative Channel | | |
| WSTG-ATHZ | Authorization Testing | | |
| WSTG-ATHZ-01 | Testing Directory Traversal File Include | | |
| WSTG-ATHZ-02 | Testing for Bypassing Authorization Schema | | |
| WSTG-ATHZ-03 | Testing for Privilege Escalation | | |
| WSTG-ATHZ-04 | Testing for Insecure Direct Object References | | |
| WSTG-SESS | Session Management Testing | | |
| WSTG-SESS-01 | Testing for Session Management Schema | | |
| WSTG-SESS-02 | Testing for Cookies Attributes | | |
| WSTG-SESS-03 | Testing for Session Fixation | | |
| WSTG-SESS-04 | Testing for Exposed Session Variables | | |
| WSTG-SESS-05 | Testing for Cross Site Request Forgery | | |
| WSTG-SESS-06 | Testing for Logout Functionality | | |
| WSTG-SESS-07 | Testing Session Timeout | | |
| WSTG-SESS-08 | Testing for Session Puzzling | | |
| WSTG-SESS-09 | Testing for Session Hijacking | | |
| WSTG-SESS-10 | Testing JSON Web Tokens | | |
| WSTG-INPV | Input Validation Testing | | |
| WSTG-INPV-01 | Testing for Reflected Cross Site Scripting | | |
| WSTG-INPV-02 | Testing for Stored Cross Site Scripting | | |
| WSTG-INPV-03 | Testing for HTTP Verb Tampering | | |
| WSTG-INPV-04 | Testing for HTTP Parameter Pollution | | |
| WSTG-INPV-05 | Testing for SQL Injection | | |
| WSTG-INPV-06 | Testing for LDAP Injection | | |
| WSTG-INPV-07 | Testing for XML Injection | | |
| WSTG-INPV-08 | Testing for SSI Injection | | |
| WSTG-INPV-09 | Testing for XPath Injection | | |
| WSTG-INPV-10 | Testing for IMAP SMTP Injection | | |
| WSTG-INPV-11 | Testing for Code Injection | | |
| WSTG-INPV-12 | Testing for Command Injection | | |
| WSTG-INPV-13 | Testing for Format String Injection | | |
| WSTG-INPV-14 | Testing for Incubated Vulnerabilities | | |
| WSTG-INPV-15 | Testing for HTTP Splitting Smuggling | | |
| WSTG-INPV-16 | Testing for HTTP Incoming Requests | | |
| WSTG-INPV-17 | Testing for Host Header Injection | | |
| WSTG-INPV-18 | Testing for Server-Side Template Injection | | |
| WSTG-INPV-19 | Testing for Server-Side Request Forgery | | |
| WSTG-ERRH | Error Handling | | |
| WSTG-ERRH-01 | Testing for Improper Error Handling | | |
| WSTG-ERRH-02 | Testing for Stack Traces | | |
| WSTG-CRYP | Cryptography | | |
| WSTG-CRYP-01 | Testing for Weak Transport Layer Security | | |
| WSTG-CRYP-02 | Testing for Padding Oracle | | |
| WSTG-CRYP-03 | Testing for Sensitive Information Sent Via Unencrypted Channels | | |
| WSTG-CRYP-04 | Testing for Weak Encryption | | |
| WSTG-BUSLOGIC | Business Logic Testing | | |
| WSTG-BUSL-01 | Test Business Logic Data Validation | | |
| WSTG-BUSL-02 | Test Ability to Forge Requests | | |
| WSTG-BUSL-03 | Test Integrity Checks | | |
| WSTG-BUSL-04 | Test for Process Timing | | |
| WSTG-BUSL-05 | Test Number of Times a Function Can Be Used Limits | | |
| WSTG-BUSL-06 | Testing for the Circumvention of Work Flows | | |
| WSTG-BUSL-07 | Test Defenses Against Application Misuse | | |
| WSTG-BUSL-08 | Test Upload of Unexpected File Types | | |
| WSTG-BUSL-09 | Test Upload of Malicious Files | | |
| WSTG-CLIENT | Client-side Testing | | |
| WSTG-CLNT-01 | Testing for DOM Based Cross Site Scripting | | |
| WSTG-CLNT-02 | Testing for JavaScript Execution | | |
| WSTG-CLNT-03 | Testing for HTML Injection | | |
| WSTG-CLNT-04 | Testing for Client-Side URL Redirect | | |
| WSTG-CLNT-05 | Testing for CSS Injection | | |
| WSTG-CLNT-06 | Testing for Client-Side Resource Manipulation | | |
| WSTG-CLNT-07 | Test Cross Origin Resource Sharing | | |
| WSTG-CLNT-08 | Testing for Cross Site Flashing | | |
| WSTG-CLNT-09 | Testing for Clickjacking | | |
| WSTG-CLNT-10 | Testing WebSockets | | |
| WSTG-CLNT-11 | Test Web Messaging | | |
| WSTG-CLNT-12 | Test Browser Storage | | |
| WSTG-CLNT-13 | Testing for Cross Site Script Inclusion | | |
| WSTG-APIT | API Testing | | |
| WSTG-APIT-01 | Testing GraphQL | | |
