| About Blog Cheatsheets Defense Links Offense |
| Offense |
| Code Audit Exploit Hacking Input Validation Metasploit Methods Nmap OSSTMM Test OWASP Webtest Pentest Physical Pentest Backtrack Pentest SQL Inject |
OWASP
|
OWASP process 0 Information Gathering (spider, search engines, fingerprinting, error codes) 1 Configuration Management Testing (SSL, methods, extensions, backups) 2 Business Logic Testing (bypass logic) 3 Authentication Testing (captcha, methods, credentials, enumeration, bypass) 4 Authorization Testing (path traversal, bypass, break out, privilege escalation) 5 Session Management Testing (cookies, fixation, CSRF, variables) 6 Data Validation Testing (stored/reflected XSS, DOM, XSflashing, SQL, LDAP, XPath, XML, overflows, code/cmd injects) 7 Denial of Service Testing (SQL wildcards, account locking, overflows, spam flood) 8 Web Services Testing (WSDL, XML, SOAP) 9 Ajax Testing (Ajax, XMLHttpRequest) 11 Reporting (Findings and Remediations) |
|
Actual OWASP Top 10 A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection A10: Unvalidated Redirects and Forwards |