Wednesday, November 20, 2013

OWASP Testing Guide v3 (from yehg.net)

Ⅰ. Information Gathering

     1. Testing: Spiders, robots, and Crawlers (OWASP-IG-001)

     2. Search engine discovery/Reconnaissance (OWASP-IG-002)

     3. Identify application entry points (OWASP-IG-003)

     4. Testing for Web Application Fingerprint (OWASP-IG-004)

     5. Application Discovery (OWASP-IG-005)

     6. Analysis of Error Codes (OWASP-IG-006)


Ⅱ. Configuration Management Testing

     7. SSL/TLS Testing (OWASP-CM-001)

     8. DB Listener Testing (OWASP-CM-002)

     9. Infrastructure configuration management testing (OWASP-CM-003)

     10. Application configuration management testing (OWASP-CM-004)

     11. Testing for File extensions handling (OWASP-CM-005)

     12. Old, backup and unreferenced files (OWASP-CM-006)

     13. Infrastructure and Application Admin Interfaces (OWASP-CM-007)

     14. Testing for HTTP Methods and XST (OWASP-CM-008)


Ⅲ. Authentication Testing

     15. Credentials transport over an encrypted channel (OWASP-AT-001)

     16. Testing for user enumeration (OWASP-AT-002)

     17. Default or guessable (dictionary) user account (OWASP-AT-003)

     18. Testing For Brute Force (OWASP-AT-004)

     19. Testing for Bypassing authentication schema (OWASP-AT-005)

     20. Testing for Vulnerable remember password and pwd reset (OWASP-AT-006)

     21. Testing for Logout and Browser Cache Management (OWASP-AT-007)

     22. Testing for Captcha (OWASP-AT-008)

     23. Testing for Multiple factors Authentication (OWASP-AT-009)

     24. Testing for Race Conditions (OWASP-AT-010)


Ⅴ. Session Management Testing

     25. Testing for Session Management Schema (OWASP-SM-001)

     26. Testing for Cookies attributes (OWASP-SM-002)

     27. Testing for Session Fixation (OWASP-SM-003)

     28. Testing for Exposed Session Variables (OWASP-SM-004)

     29. Testing for CSRF (OWASP-SM-005)


Ⅵ. Authorization testing

     30. Testing for path traversal (OWASP-AZ-001)

     31. Testing for bypassing authorization schema (OWASP-AZ-002)

     32. Testing for Privilege Escalation (OWASP-AZ-003)


Ⅶ. Business logic testing (OWASP-BL-001)

     33. Business Logic Bugs


Ⅷ. Data Validation Testing

     34. Testing for Reflected Cross Site Scripting (OWASP-DV-001)

     35. Testing for Stored Cross Site Scripting (OWASP-DV-002)

     36. Testing for DOM based Cross Site Scripting (OWASP-DV-003)

     37. Testing for Cross Site Flashing (OWASP-DV-004)

     38. SQL Injection (MS SQL, MySQL, Oracle, PostgreSQL) (OWASP-DV-005)

     39. LDAP Injection (OWASP-DV-006)

     40. ORM Injection (OWASP-DV-007)

     41. XML Injection (OWASP-DV-008)

     42. SSI Injection (OWASP-DV-009)

     43. XPath Injection (OWASP-DV-010)

     44. IMAP/SMTP Injection (OWASP-DV-011)

     45. Code Injection (OWASP-DV-012)

     46. OS Commanding (OWASP-DV-013)

     47. Buffer overflow Testing (Heap, Stack, Format String) (OWASP-DV-014)

     48. Incubated vulnerability testing (OWASP-DV-015)

     49. Testing for HTTP Splitting/Smuggling (OWASP-DV-016)


Ⅸ. Denial of Service Testing

     50. Testing for SQL Wildcard Attacks (OWASP-DS-001)

     51. Locking Customer Accounts (OWASP-DS-002)

     52. Buffer Overflows (OWASP-DS-003)

     53. User Specified Object Allocation (OWASP-DS-004)

     54. User Input as a Loop Counter (OWASP-DS-005)

     55. Writing User Provided Data to Disk (OWASP-DS-006)

     56. Failure to Release Resources (OWASP-DS-007)

     57. Storing too Much Data in Session (OWASP-DS-008)


Ⅹ. Web Services Testing

     58. WS Information Gathering (OWASP-WS-001)

     59. Testing WSDL (OWASP-WS-002)

     60. XML Structural Testing (OWASP-WS-003)

     61. XML Content-level Testing (OWASP-WS-004)

     62. HTTP GET parameters/REST Testing (OWASP-WS-005)

     63. Naughty SOAP attachments (OWASP-WS-006)

     64. Replay Testing (OWASP-WS-007)


-. Misc Tests

     65. AJAX Vulnerabilities (OWASP-AJ-001)

     66. Testing For AJAX (OWASP-AJ-002)



source : http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv3.php

9 comments:


  1. I have been a victim of scams by different hackers who almost ruined me, until I read about

    (wizardcyprushacker@gmail.com)

    on the internet. I decided to give him a try, and just last night I checked my credit score and saw the positive changes he had made!! I have since then connected him to friends and family, who all were flabbergasted by his results. I feel it's only right I share him with the public, as I'm sure there are so many in my situation.

    1. ➡️MOBILE PHONE HACKING.
      ➡️BINARY FUNDS&BITCOIN RECOVERIES.

      ➡️SOCIAL MEDIA ACCOUNT&EMAIL HACKING etc....
      If you are in a haste to have any of these done by seeking hackers yourselves, you will only get ripped off.
      PLEASE PAY ATTENTION TO THIS ARTICLE AS YOU READ THROUGH IT.

      HOW WOULD YOU KNOW??

      TAKE NOTE AND PRECAUTIONS:

      1. You see uncertified email accounts carrying numberings like iamhacklord1232@(gmail, yahoo or hotmail DOT com); please flee from them, BIG SCAMMERS.

      They take your money and never do your job.

      2. You see posts like "do you need to spy on spouse?" All fake! Just a way to lure you towards getting ripped off! 3. Posting fake testimonies and comments to trick you into feeling safe. Please endeavour to ignore!!

      ➡️NOTE: beware, as we urge you not to respond to any "IVAN HONG, PETER SANTOS, MONICA HART" (impersonating with our articles, pretending to work under us).
      WE ONLY HAVE 2 EMAILS WHICH ARE LISTED BELOW THIS ARTICLE TO ATTEND TO ALL MANNERS OF CYBER HACKING ISSUES.

                             ◾VERY IMPORTANT ◾
      For years now, we've helped organizations secure databases; so many sites USE US AS SECURITY BACK UP TEAM BECAUSE OF OUR METHODS OF HANDLING CYBER MISHAPS.

      "iPhone&ANDROID HACKS"

      "CLEAR CRIMINAL RECORDS"

      "FUNDS RECOVERIES" AND LOT MORE BEEN DONE IN SHORT TIMING.
      These are significant EXPERIENCES & RECORDS a good and effectively fully recognized organization must firmly ascertain.

                              ◾OUR AIMS HERE◾

      1◾ To assign a qualified agent of specific rank to particularly any sort of cyber issues you intend dealing with, in short and accurate timing.

      2◾ To screen in real hackers (gurus only) in need of a job, with or without a degree, to speed up the availability of time given for job contracts given to us. Thus an online binary decoding exam will be set for those who seek employment under the team's establishment.
      Write us on:
      ◾Protocolhacks@gmail .com
      ◾Cybershieldnotch@gmail .com
      COREY ROD, 
      SIGNED...
      Thank you..


  2. “It is clear that mainstream adoption and growth of cryptocurrency is being held back due to the vulnerable nature of the technology. While there is a high appetite to use it, giving your hard-earned cash to something you don’t fully understand, or trust, is a hurdle. With the safety of investments being of paramount importance to consumers, it is vital that they take their own steps to safeguard it. Like with any cyber threat, there is no substitute for vigilance – if something looks too good to be true, then it probably is,” Kaspersky’s Head of Commercialization Vitaly Mzokov stated, but there is still a brighter future awaiting those who follow the right path.

    contact a cryptoGURU:
    onlinehacker4hire@gmail.com

  3. I have used this hacker's services more than 5 times and it has always worked; try him and thank me later. Thanks to you, cybergods116@gmail.com, for all you have done for me.
    Never settle for a cheating spouse. Contact cybergods116@gmail.com for any form of hack like
    1-DATABASE HACK.
    2-WHATSAPP HACK
    3-WEBSITE HACK
    4-TRACKING CALLS
    5-PHONE CLONE
    6-FACEBOOK HACK
    7-CHANGE SCHOOL GRADE
    8-ONLINE RECORDS CHANGES
    9-BANK ACCOUNT HACK
    10-ERASE CRIMINAL RECORDS
    11-ONLINE HACKING LECTURES
    12-WORLD PRESS BLOGS HACK
    13-CONTROL DEVICES REMOTELY HACK
    14-SALES OF DUMPS CARDS & CC OF ALL KIND
    15-RETRIVAL OF HACKED SOCIAL MEDIA ACCOUNTS
    16-INCREASE CREDIT SCORE

  4. I was lost, with no hope, for my wife was cheating and had always got away with it, because I did not know how, or was always too scared, to pin anything on her. With the help of a friend, in person of PAIGE, who recommended me to someone who helped hack her phone, email, chat, SMS and expose her for the cheater she is. I just want to say a big thank you to HACKINTECHNOLOGY@GMAIL.COM. I am sure someone out there is looking for how to solve his relationship problems; you can also contact him for all sorts of hacking jobs. He is fast and reliable. You could also text +1 669 225 2253.

  5. It's always painful when the people you love betray you like you're just garbage. My husband and I live in a circle of just the two of us, and my husband travelled to Germany on a business trip while I was in the US alone. After two months I realized my husband had changed; he hardly called me. I tried to spy on his phone and see what was wrong. I used Solution hacked team and I had access to his phone with just his phone number. Solution hacked team opened my eyes and I realized my husband had another wife in Germany. I felt betrayed and now I'm filing for divorce, thanks to cyber gods hacked team for helping me. Contact him today for a better change in your life: cybergods116@gmail.com, WhatsApp +1(539)999-9742

  6. Everyone just needs to be careful when it comes to hiring a hacker. Due to my own personal experience with online hackers, I thought at first that no hacker online who advertises themselves is worth it, until I finally met one honest hacker who helped me out. It all just depends on who you meet: either you are lucky to find the right one, or unlucky and end up with the wrong hacker who turns out to work against you. I had lost a lot of my savings to an unknown hacker, but I got it recovered by a white hat hacker. It wasn't easy to get his contact anyway; a friend introduced him to me and I gave it a try, and that's how everything worked out so pretty cool. Anyone in need of a hacker can as well contact him through cybergods116@gmail.com, WhatsApp +1(539)999-9742

  7. I’m writing this review to appreciate Hack.truth, the credit repair specialist. A few weeks back I needed urgent credit repair services, and I was directed to hack.truth, the credit repair specialist, for credit repair assistance through my boss. I contacted hack.truth, explaining myself, how I was directed to him, my credit repair challenge and how we could go about it. He explained everything about the process and how I get started, providing all the information required for the process, which I provided, and all negative information affecting my credit with a low credit score was resolved within 12 days. I urge you to go with the best and trusted credit repair specialist: hack.truth77@gmail.com

  8. Contact us (wizardcyprushacker@gmail.com), WhatsApp +1 (424) 209-7204

    if you need help with these:

    - CLEAR CRIMINAL RECORDS
    - DETECTABLE & UNDETECTABLE HACK (PC, iPhone, Android or Organization computers)
    - WEBSITES/SOCIAL MEDIA HACK (FB, Email, Skype, Tinder, Twitter, WhatsApp, Snapchat, Instagram, Telegram e.t.c)
    - FLIP CASH AND COIN DOUBLING
    - LOAD CREDIT CARDS
    - BINARY OPTIONS SCAM RETRIEVALS
    - BITCOINS (BTC) HACK
    - PAYPAL ACCOUNT HACK (Verified acct only)
    - INSTITUTION RESULT UPGRADE (College or High School)
    - DATABASE HACK
    - MONEY TRANSFER (specific to certain accounts)
    - LOAN WITHOUT COLLATERALS
    - WE INSTALL UNNOTICEABLE TRACK SOFTWARE ON TARGET'S DEVICE
    - AND MANY OTHER CYBER RELATED ISSUES.
    All these were carried out in the shortest time possible, with significant experience on each aspect.

    Contact:
    Email: wizardcyprushacker@gmail.com
