├── 14-Configuration
    ├── 14-2-1-Up-to-date-components.md
    ├── 14-2-2-Excess-configuration-removed.md
    ├── 14-2-3-Subresource-Integrity.md
    ├── 14-3-1-Error-messages.md
    ├── 14-3-2-Debug-modes.md
    ├── 14-3-3-Version-information-of-system-components.md
    ├── 14-4-1-Charset.md
    ├── 14-4-2-Content-Disposition-attachment.md
    ├── 14-4-3-Content-Security-Policy.md
    ├── 14-4-4-X-Content-Type-Options-nosniff.md
    ├── 14-4-5-HTTP-Strict-Transport-Security.md
    ├── 14-4-6-Referrer-Policy.md
    ├── 14-4-7-X-Frame-Options.md
    ├── 14-5-1-HTTP-methods.md
    ├── 14-5-2-Origin-header.md
    └── 14-5-3-CORS-header.md
├── 3-Session-management
    ├── 3-1-1-Session-tokens-in-URL.md
    ├── 3-2-1-New-session-token-on-authentication.md
    ├── 3-2-2-Session-token-entropy.md
    ├── 3-2-3-Token-storage-in-browser.md
    ├── 3-3-1-Logout.md
    ├── 3-3-2-Reauthentication-period.md
    ├── 3-4-1-Cookie-Secure-attribute.md
    ├── 3-4-2-Cookie-HttpOnly-attribute.md
    ├── 3-4-3-Cookie-SameSite-attribute.md
    ├── 3-4-4-Cookie-Host-prefix.md
    ├── 3-4-5-Cookie-Path-attribute.md
    └── 3-7-1-Sensitive-transactions.md
├── 4-Access-control
    ├── 4-0-Introduction.md
    ├── 4-1-1-Client-side-trust.md
    ├── 4-1-2-Data-attributes.md
    ├── 4-1-3-Principle-of-least-privilege.md
    ├── 4-1-4-Principle-of-deny-by-default.md
    ├── 4-1-5-Secure-failure.md
    ├── 4-2-1-Direct-object-attacks.md
    ├── 4-2-2-CSRF-protection.md
    ├── 4-3-1-Admin-MFA.md
    └── 4-3-2-Directory-browsing.md
├── 5-Input-validation
    └── 5-1-1-HTTP-parameter-pollution.md
├── 9-Communication
    ├── 9-1-1-Communication-over-TLS.md
    ├── 9-1-2-Strong algorithms.md
    └── 9-1-3-TLS-versions.md
├── ASVS.policy
├── Bash-script
    └── 9-Communication-script.sh
├── CONTRIBUTING.md
├── LICENSE.md
├── OWASP-ASVS-testing-guide.pdf
├── README.md
└── ZAP-scripts
    ├── Getting-Started-with-ZAP-scripting.pdf
    ├── README.md
    ├── active
        ├── 14-3-1-Error-messages.py
        ├── 14-5-1-HTTP-methods.py
        ├── 14-5-3-CORS-header.py
        ├── 5-2-3-imap-injection.py
        ├── 5-2-7-svg-script-injection.py
        ├── 5-2-8-template-language-injection.py
        └── 5-3-6-json-injection.py
    ├── httpfuzzerprocessor
        ├── 2-5-4-default-accounts.js
        ├── 3-2-1-new-session-token.js
        ├── default_accounts_wordlist.txt
        ├── password_security.js
        └── password_security_wordlist.txt.gz
    ├── passive
        ├── 13-1-3-key-in-api-url.py
        ├── 14-2-3-Subresource-Integrity.py
        ├── 14-3-2-Debug-modes.py
        ├── 14-3-3-Server-header.py
        ├── 14-4-1-Charset.py
        ├── 14-4-2-Content-Disposition.py
        ├── 14-4-3-Content-Security-Policy.py
        ├── 14-4-4 X-Content-Type-Options.py
        ├── 14-4-5-HTTP-Strict-Transport-Security.py
        ├── 14-4-6-Referrer-Policy.py
        ├── 14-4-7-X-Frame-Options.py
        ├── 14-5-2-Origin-header.py
        ├── 2-5-2-secret-questions.py
        ├── 3-1-1-Session-tokens-in-URLs.py
        ├── 3-1-1-token-in-url.py
        ├── 3-2-2-session-token-entropy.py
        ├── 3-4-1-cookie-secure-attribute.py
        ├── 3-4-2-cookie-httponly-attribute.py
        ├── 3-4-3-cookie-samesite-attribute.py
        ├── 3-4-4-cookie-host-prefix.py
        ├── 3-4-5-cookie-path-attribute.py
        ├── 4-1-2-Hidden-fields.py
        ├── 4-1-5-fail-securely.py
        ├── 4-2-2-CSRF-tokens.py
        ├── 5-1-1-HTTP parameter-pollution.py
        ├── 5-2-4-eval-body.py
        ├── 5-3-2-preserve-encoding.py
        ├── 8-2-1-anti-cache-header.py
        ├── 8-3-1-sensitive-data-parameters.py
        └── 9-1-1-tls-communication.py
    └── standalone
        └── reformat-alerts.js


/14-Configuration/14-2-1-Up-to-date-components.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-2-1-Up-to-date-components.md


--------------------------------------------------------------------------------
/14-Configuration/14-2-2-Excess-configuration-removed.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-2-2-Excess-configuration-removed.md


--------------------------------------------------------------------------------
/14-Configuration/14-2-3-Subresource-Integrity.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-2-3-Subresource-Integrity.md


--------------------------------------------------------------------------------
/14-Configuration/14-3-1-Error-messages.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-3-1-Error-messages.md


--------------------------------------------------------------------------------
/14-Configuration/14-3-2-Debug-modes.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-3-2-Debug-modes.md


--------------------------------------------------------------------------------
/14-Configuration/14-3-3-Version-information-of-system-components.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-3-3-Version-information-of-system-components.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-1-Charset.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-1-Charset.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-2-Content-Disposition-attachment.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-2-Content-Disposition-attachment.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-3-Content-Security-Policy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-3-Content-Security-Policy.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-4-X-Content-Type-Options-nosniff.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-4-X-Content-Type-Options-nosniff.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-5-HTTP-Strict-Transport-Security.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-5-HTTP-Strict-Transport-Security.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-6-Referrer-Policy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-6-Referrer-Policy.md


--------------------------------------------------------------------------------
/14-Configuration/14-4-7-X-Frame-Options.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-4-7-X-Frame-Options.md


--------------------------------------------------------------------------------
/14-Configuration/14-5-1-HTTP-methods.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-5-1-HTTP-methods.md


--------------------------------------------------------------------------------
/14-Configuration/14-5-2-Origin-header.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-5-2-Origin-header.md


--------------------------------------------------------------------------------
/14-Configuration/14-5-3-CORS-header.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/14-Configuration/14-5-3-CORS-header.md


--------------------------------------------------------------------------------
/3-Session-management/3-1-1-Session-tokens-in-URL.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-1-1-Session-tokens-in-URL.md


--------------------------------------------------------------------------------
/3-Session-management/3-2-1-New-session-token-on-authentication.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-2-1-New-session-token-on-authentication.md


--------------------------------------------------------------------------------
/3-Session-management/3-2-2-Session-token-entropy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-2-2-Session-token-entropy.md


--------------------------------------------------------------------------------
/3-Session-management/3-2-3-Token-storage-in-browser.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-2-3-Token-storage-in-browser.md


--------------------------------------------------------------------------------
/3-Session-management/3-3-1-Logout.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-3-1-Logout.md


--------------------------------------------------------------------------------
/3-Session-management/3-3-2-Reauthentication-period.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-3-2-Reauthentication-period.md


--------------------------------------------------------------------------------
/3-Session-management/3-4-1-Cookie-Secure-attribute.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-4-1-Cookie-Secure-attribute.md


--------------------------------------------------------------------------------
/3-Session-management/3-4-2-Cookie-HttpOnly-attribute.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-4-2-Cookie-HttpOnly-attribute.md


--------------------------------------------------------------------------------
/3-Session-management/3-4-3-Cookie-SameSite-attribute.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-4-3-Cookie-SameSite-attribute.md


--------------------------------------------------------------------------------
/3-Session-management/3-4-4-Cookie-Host-prefix.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-4-4-Cookie-Host-prefix.md


--------------------------------------------------------------------------------
/3-Session-management/3-4-5-Cookie-Path-attribute.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-4-5-Cookie-Path-attribute.md


--------------------------------------------------------------------------------
/3-Session-management/3-7-1-Sensitive-transactions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/3-Session-management/3-7-1-Sensitive-transactions.md


--------------------------------------------------------------------------------
/4-Access-control/4-0-Introduction.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-0-Introduction.md


--------------------------------------------------------------------------------
/4-Access-control/4-1-1-Client-side-trust.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-1-1-Client-side-trust.md


--------------------------------------------------------------------------------
/4-Access-control/4-1-2-Data-attributes.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-1-2-Data-attributes.md


--------------------------------------------------------------------------------
/4-Access-control/4-1-3-Principle-of-least-privilege.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-1-3-Principle-of-least-privilege.md


--------------------------------------------------------------------------------
/4-Access-control/4-1-4-Principle-of-deny-by-default.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-1-4-Principle-of-deny-by-default.md


--------------------------------------------------------------------------------
/4-Access-control/4-1-5-Secure-failure.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-1-5-Secure-failure.md


--------------------------------------------------------------------------------
/4-Access-control/4-2-1-Direct-object-attacks.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-2-1-Direct-object-attacks.md


--------------------------------------------------------------------------------
/4-Access-control/4-2-2-CSRF-protection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-2-2-CSRF-protection.md


--------------------------------------------------------------------------------
/4-Access-control/4-3-1-Admin-MFA.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-3-1-Admin-MFA.md


--------------------------------------------------------------------------------
/4-Access-control/4-3-2-Directory-browsing.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/4-Access-control/4-3-2-Directory-browsing.md


--------------------------------------------------------------------------------
/5-Input-validation/5-1-1-HTTP-parameter-pollution.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/5-Input-validation/5-1-1-HTTP-parameter-pollution.md


--------------------------------------------------------------------------------
/9-Communication/9-1-1-Communication-over-TLS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/9-Communication/9-1-1-Communication-over-TLS.md


--------------------------------------------------------------------------------
/9-Communication/9-1-2-Strong algorithms.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/9-Communication/9-1-2-Strong algorithms.md


--------------------------------------------------------------------------------
/9-Communication/9-1-3-TLS-versions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/9-Communication/9-1-3-TLS-versions.md


--------------------------------------------------------------------------------
/ASVS.policy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ASVS.policy


--------------------------------------------------------------------------------
/Bash-script/9-Communication-script.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/Bash-script/9-Communication-script.sh


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/CONTRIBUTING.md


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/LICENSE.md


--------------------------------------------------------------------------------
/OWASP-ASVS-testing-guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/OWASP-ASVS-testing-guide.pdf


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/README.md


--------------------------------------------------------------------------------
/ZAP-scripts/Getting-Started-with-ZAP-scripting.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/Getting-Started-with-ZAP-scripting.pdf


--------------------------------------------------------------------------------
/ZAP-scripts/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/README.md


--------------------------------------------------------------------------------
/ZAP-scripts/active/14-3-1-Error-messages.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/14-3-1-Error-messages.py


--------------------------------------------------------------------------------
/ZAP-scripts/active/14-5-1-HTTP-methods.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/14-5-1-HTTP-methods.py


--------------------------------------------------------------------------------
/ZAP-scripts/active/14-5-3-CORS-header.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/14-5-3-CORS-header.py


--------------------------------------------------------------------------------
/ZAP-scripts/active/5-2-3-imap-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/5-2-3-imap-injection.py


--------------------------------------------------------------------------------
/ZAP-scripts/active/5-2-7-svg-script-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/5-2-7-svg-script-injection.py


--------------------------------------------------------------------------------
/ZAP-scripts/active/5-2-8-template-language-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/5-2-8-template-language-injection.py


--------------------------------------------------------------------------------
/ZAP-scripts/active/5-3-6-json-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/active/5-3-6-json-injection.py


--------------------------------------------------------------------------------
/ZAP-scripts/httpfuzzerprocessor/2-5-4-default-accounts.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/httpfuzzerprocessor/2-5-4-default-accounts.js


--------------------------------------------------------------------------------
/ZAP-scripts/httpfuzzerprocessor/3-2-1-new-session-token.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/httpfuzzerprocessor/3-2-1-new-session-token.js


--------------------------------------------------------------------------------
/ZAP-scripts/httpfuzzerprocessor/default_accounts_wordlist.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/httpfuzzerprocessor/default_accounts_wordlist.txt


--------------------------------------------------------------------------------
/ZAP-scripts/httpfuzzerprocessor/password_security.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/httpfuzzerprocessor/password_security.js


--------------------------------------------------------------------------------
/ZAP-scripts/httpfuzzerprocessor/password_security_wordlist.txt.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/httpfuzzerprocessor/password_security_wordlist.txt.gz


--------------------------------------------------------------------------------
/ZAP-scripts/passive/13-1-3-key-in-api-url.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/13-1-3-key-in-api-url.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-2-3-Subresource-Integrity.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-2-3-Subresource-Integrity.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-3-2-Debug-modes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-3-2-Debug-modes.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-3-3-Server-header.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-3-3-Server-header.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-1-Charset.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-1-Charset.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-2-Content-Disposition.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-2-Content-Disposition.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-3-Content-Security-Policy.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-3-Content-Security-Policy.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-4 X-Content-Type-Options.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-4 X-Content-Type-Options.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-5-HTTP-Strict-Transport-Security.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-5-HTTP-Strict-Transport-Security.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-6-Referrer-Policy.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-6-Referrer-Policy.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-4-7-X-Frame-Options.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-4-7-X-Frame-Options.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/14-5-2-Origin-header.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/14-5-2-Origin-header.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/2-5-2-secret-questions.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/2-5-2-secret-questions.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-1-1-Session-tokens-in-URLs.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-1-1-Session-tokens-in-URLs.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-1-1-token-in-url.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-1-1-token-in-url.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-2-2-session-token-entropy.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-2-2-session-token-entropy.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-4-1-cookie-secure-attribute.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-4-1-cookie-secure-attribute.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-4-2-cookie-httponly-attribute.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-4-2-cookie-httponly-attribute.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-4-3-cookie-samesite-attribute.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-4-3-cookie-samesite-attribute.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-4-4-cookie-host-prefix.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-4-4-cookie-host-prefix.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/3-4-5-cookie-path-attribute.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/3-4-5-cookie-path-attribute.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/4-1-2-Hidden-fields.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/4-1-2-Hidden-fields.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/4-1-5-fail-securely.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/4-1-5-fail-securely.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/4-2-2-CSRF-tokens.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/4-2-2-CSRF-tokens.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/5-1-1-HTTP parameter-pollution.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/5-1-1-HTTP parameter-pollution.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/5-2-4-eval-body.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/5-2-4-eval-body.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/5-3-2-preserve-encoding.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/5-3-2-preserve-encoding.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/8-2-1-anti-cache-header.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/8-2-1-anti-cache-header.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/8-3-1-sensitive-data-parameters.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/8-3-1-sensitive-data-parameters.py


--------------------------------------------------------------------------------
/ZAP-scripts/passive/9-1-1-tls-communication.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/passive/9-1-1-tls-communication.py


--------------------------------------------------------------------------------
/ZAP-scripts/standalone/reformat-alerts.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/HEAD/ZAP-scripts/standalone/reformat-alerts.js


--------------------------------------------------------------------------------