# OWASP-Testing-Guide-checklist

The OWASP Testing Guide v4.2 Checklist [2023]

### Download the Excel file to use the full checklist, with information and tools about each testing point

Excel file: https://raw.githubusercontent.com/ViktorMares/OWASP-Testing-Guide-checklist/HEAD/OWASPv42_WSTG.xlsx

The contents are from: https://owasp.org/www-project-web-security-testing-guide/v42/

## 4. Web Application Security Testing

### 4.0 Introduction and Objectives

This section describes the OWASP web application security testing methodology and explains how to test for evidence of vulnerabilities within the application due to deficiencies in the identified security controls.

### 4.1 Information Gathering

- 4.1.1 Conduct Search Engine Discovery Reconnaissance for Information Leakage
- 4.1.2 Fingerprint Web Server
- 4.1.3 Review Webserver Metafiles for Information Leakage
- 4.1.4 Enumerate Applications on Webserver
- 4.1.5 Review Webpage Content for Information Leakage
- 4.1.6 Identify Application Entry Points
- 4.1.7 Map Execution Paths Through Application
- 4.1.8 Fingerprint Web Application Framework
- 4.1.9 Fingerprint Web Application
- 4.1.10 Map Application Architecture

### 4.2 Configuration and Deployment Management Testing

- 4.2.1 Test Network Infrastructure Configuration
- 4.2.2 Test Application Platform Configuration
- 4.2.3 Test File Extensions Handling for Sensitive Information
- 4.2.4 Review Old Backup and Unreferenced Files for Sensitive Information
- 4.2.5 Enumerate Infrastructure and Application Admin Interfaces
- 4.2.6 Test HTTP Methods
- 4.2.7 Test HTTP Strict Transport Security
- 4.2.8 Test RIA Cross Domain Policy
- 4.2.9 Test File Permission
- 4.2.10 Test for Subdomain Takeover
- 4.2.11 Test Cloud Storage

### 4.3 Identity Management Testing

- 4.3.1 Test Role Definitions
- 4.3.2 Test User Registration Process
- 4.3.3 Test Account Provisioning Process
- 4.3.4 Testing for Account Enumeration and Guessable User Account
- 4.3.5 Testing for Weak or Unenforced Username Policy

### 4.4 Authentication Testing

- 4.4.1 Testing for Credentials Transported over an Encrypted Channel
- 4.4.2 Testing for Default Credentials
- 4.4.3 Testing for Weak Lock Out Mechanism
- 4.4.4 Testing for Bypassing Authentication Schema
- 4.4.5 Testing for Vulnerable Remember Password
- 4.4.6 Testing for Browser Cache Weaknesses
- 4.4.7 Testing for Weak Password Policy
- 4.4.8 Testing for Weak Security Question Answer
- 4.4.9 Testing for Weak Password Change or Reset Functionalities
- 4.4.10 Testing for Weaker Authentication in Alternative Channel

### 4.5 Authorization Testing

- 4.5.1 Testing Directory Traversal File Include
- 4.5.2 Testing for Bypassing Authorization Schema
- 4.5.3 Testing for Privilege Escalation
- 4.5.4 Testing for Insecure Direct Object References

### 4.6 Session Management Testing

- 4.6.1 Testing for Session Management Schema
- 4.6.2 Testing for Cookies Attributes
- 4.6.3 Testing for Session Fixation
- 4.6.4 Testing for Exposed Session Variables
- 4.6.5 Testing for Cross Site Request Forgery
- 4.6.6 Testing for Logout Functionality
- 4.6.7 Testing Session Timeout
- 4.6.8 Testing for Session Puzzling
- 4.6.9 Testing for Session Hijacking

### 4.7 Input Validation Testing

- 4.7.1 Testing for Reflected Cross Site Scripting
- 4.7.2 Testing for Stored Cross Site Scripting
- 4.7.3 Testing for HTTP Verb Tampering
- 4.7.4 Testing for HTTP Parameter Pollution
- 4.7.5 Testing for SQL Injection
  - 4.7.5.1 Testing for Oracle
  - 4.7.5.2 Testing for MySQL
  - 4.7.5.3 Testing for SQL Server
  - 4.7.5.4 Testing PostgreSQL
  - 4.7.5.5 Testing for MS Access
  - 4.7.5.6 Testing for NoSQL Injection
  - 4.7.5.7 Testing for ORM Injection
  - 4.7.5.8 Testing for Client-side
- 4.7.6 Testing for LDAP Injection
- 4.7.7 Testing for XML Injection
- 4.7.8 Testing for SSI Injection
- 4.7.9 Testing for XPath Injection
- 4.7.10 Testing for IMAP SMTP Injection
- 4.7.11 Testing for Code Injection
  - 4.7.11.1 Testing for Local File Inclusion
  - 4.7.11.2 Testing for Remote File Inclusion
- 4.7.12 Testing for Command Injection
- 4.7.13 Testing for Format String Injection
- 4.7.14 Testing for Incubated Vulnerability
- 4.7.15 Testing for HTTP Splitting Smuggling
- 4.7.16 Testing for HTTP Incoming Requests
- 4.7.17 Testing for Host Header Injection
- 4.7.18 Testing for Server-side Template Injection
- 4.7.19 Testing for Server-Side Request Forgery

### 4.8 Testing for Error Handling

- 4.8.1 Testing for Improper Error Handling
- 4.8.2 Testing for Stack Traces

### 4.9 Testing for Weak Cryptography

- 4.9.1 Testing for Weak Transport Layer Security
- 4.9.2 Testing for Padding Oracle
- 4.9.3 Testing for Sensitive Information Sent via Unencrypted Channels
- 4.9.4 Testing for Weak Encryption

### 4.10 Business Logic Testing

- 4.10.0 Introduction to Business Logic
- 4.10.1 Test Business Logic Data Validation
- 4.10.2 Test Ability to Forge Requests
- 4.10.3 Test Integrity Checks
- 4.10.4 Test for Process Timing
- 4.10.5 Test Number of Times a Function Can Be Used Limits
- 4.10.6 Testing for the Circumvention of Work Flows
- 4.10.7 Test Defenses Against Application Misuse
- 4.10.8 Test Upload of Unexpected File Types
- 4.10.9 Test Upload of Malicious Files

### 4.11 Client-side Testing

- 4.11.1 Testing for DOM-Based Cross Site Scripting
- 4.11.2 Testing for JavaScript Execution
- 4.11.3 Testing for HTML Injection
- 4.11.4 Testing for Client-side URL Redirect
- 4.11.5 Testing for CSS Injection
- 4.11.6 Testing for Client-side Resource Manipulation
- 4.11.7 Testing Cross Origin Resource Sharing
- 4.11.8 Testing for Cross Site Flashing
- 4.11.9 Testing for Clickjacking
- 4.11.10 Testing WebSockets
- 4.11.11 Testing Web Messaging
- 4.11.12 Testing Browser Storage
- 4.11.13 Testing for Cross Site Script Inclusion

### 4.12 API Testing

- 4.12.1 Testing GraphQL