{
  "name": "OWASP WSTG",
  "description": "Cybersecurity testing resource for web application developers and security professionals.",
  "enabled_fields": [
    "references",
    "description"
  ],
  "status_choices": [
    "Not Tested",
    "Out of scope",
    "Fail",
    "Partial",
    "Pass"
  ],
  "categories": [
    "Session Management Testing",
    "Input Validation Testing",
    "Business Logic Testing",
    "Client-side Testing",
    "Identity Management Testing",
    "Information Gathering",
    "Configuration and Deployment Management Testing",
    "API Testing",
    "Authentication Testing",
    "Testing for Weak Cryptography",
    "Testing for Error Handling",
    "Authorization Testing"
  ],
  "items": [
    {
      "order": 1,
      "name": "Conduct Search Engine Discovery Reconnaissance for Information Leakage",
      "reference": "WSTG-INFO-01",
      "category": "Information Gathering",
      "description": "Identify what sensitive design and configuration information of the application, system, or organization is exposed directly (on the organization's website) or indirectly (via third-party services).",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 2,
      "name": "Fingerprint Web Server",
      "reference": "WSTG-INFO-02",
      "category": "Information Gathering",
      "description": "Determine the version and type of a running web server to enable further discovery of any known vulnerabilities.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 3,
      "name": "Review Webserver Metafiles for Information Leakage",
      "reference": "WSTG-INFO-03",
      "category": "Information Gathering",
      "description": "Identify hidden or obfuscated paths and functionality through the analysis of metadata files.<br>Extract and map other information that could lead to a better understanding of the systems at hand.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 4,
      "name": "Enumerate Applications on Webserver",
      "reference": "WSTG-INFO-04",
      "category": "Information Gathering",
      "description": "Enumerate the applications within the scope that exist on a web server.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 5,
      "name": "Review Webpage Content for Information Leakage",
      "reference": "WSTG-INFO-05",
      "category": "Information Gathering",
      "description": "Review webpage comments, metadata, and redirect bodies to find any information leakage.<br>Gather JavaScript files and review the JS code to better understand the application and to find any information leakage.<br>Identify if source map files or other front-end debug files exist.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 6,
      "name": "Identify Application Entry Points",
      "reference": "WSTG-INFO-06",
      "category": "Information Gathering",
      "description": "Identify possible entry and injection points through request and response analysis.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/06-Identify_Application_Entry_Points>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/06-Identify_Application_Entry_Points</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 7,
      "name": "Map Execution Paths Through Application",
      "reference": "WSTG-INFO-07",
      "category": "Information Gathering",
      "description": "Map the target application and understand the principal workflows.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 8,
      "name": "Fingerprint Web Application Framework",
      "reference": "WSTG-INFO-08",
      "category": "Information Gathering",
      "description": "Fingerprint the components being used by the web applications.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 9,
      "name": "Fingerprint Web Application",
      "reference": "WSTG-INFO-09",
      "category": "Information Gathering",
      "description": "",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 10,
      "name": "Map Application Architecture",
      "reference": "WSTG-INFO-10",
      "category": "Information Gathering",
      "description": "Understand the architecture of the application and the technologies in use.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 11,
      "name": "Test Network Infrastructure Configuration",
      "reference": "WSTG-CONF-01",
      "category": "Configuration and Deployment Management Testing",
      "description": "Review the applications' configurations set across the network and validate that they are not vulnerable.<br>Validate that used frameworks and systems are secure and not susceptible to known vulnerabilities due to unmaintained software or default settings and credentials.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 12,
      "name": "Test Application Platform Configuration",
      "reference": "WSTG-CONF-02",
      "category": "Configuration and Deployment Management Testing",
      "description": "Ensure that defaults and known files have been removed.<br>Validate that no debugging code or extensions are left in the production environments.<br>Review the logging mechanisms set in place for the application.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 13,
      "name": "Test File Extensions Handling for Sensitive Information",
      "reference": "WSTG-CONF-03",
      "category": "Configuration and Deployment Management Testing",
      "description": "Dirbust sensitive file extensions, or extensions that might contain raw data (e.g. scripts, raw data, credentials, etc.).<br>Validate that no system framework bypasses exist on the rules set.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 14,
      "name": "Review Old Backup and Unreferenced Files for Sensitive Information",
      "reference": "WSTG-CONF-04",
      "category": "Configuration and Deployment Management Testing",
      "description": "Find and analyse unreferenced files that might contain sensitive information.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 15,
      "name": "Enumerate Infrastructure and Application Admin Interfaces",
      "reference": "WSTG-CONF-05",
      "category": "Configuration and Deployment Management Testing",
      "description": "Identify hidden administrator interfaces and functionality.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 16,
      "name": "Test HTTP Methods",
      "reference": "WSTG-CONF-06",
      "category": "Configuration and Deployment Management Testing",
      "description": "Enumerate supported HTTP methods.<br>Test for access control bypass.<br>Test HTTP method overriding techniques.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 17,
      "name": "Test HTTP Strict Transport Security",
      "reference": "WSTG-CONF-07",
      "category": "Configuration and Deployment Management Testing",
      "description": "Review the HSTS header and its validity.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 18,
      "name": "Test RIA Cross Domain Policy",
      "reference": "WSTG-CONF-08",
      "category": "Configuration and Deployment Management Testing",
      "description": "",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 19,
      "name": "Test File Permission",
      "reference": "WSTG-CONF-09",
      "category": "Configuration and Deployment Management Testing",
      "description": "Review and identify any rogue file permissions.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 20,
      "name": "Test for Subdomain Takeover",
      "reference": "WSTG-CONF-10",
      "category": "Configuration and Deployment Management Testing",
      "description": "Enumerate all possible domains (previous and current).<br>Identify forgotten or misconfigured domains.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 21,
      "name": "Test Cloud Storage",
      "reference": "WSTG-CONF-11",
      "category": "Configuration and Deployment Management Testing",
      "description": "Assess that the access control configuration for the storage services is properly in place.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/11-Test_Cloud_Storage>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/11-Test_Cloud_Storage</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 22,
      "name": "Testing for Content Security Policy",
      "reference": "WSTG-CONF-12",
      "category": "Configuration and Deployment Management Testing",
      "description": "Review the Content-Security-Policy header or meta element to identify misconfigurations.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/12-Test_for_Content_Security_Policy>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/12-Test_for_Content_Security_Policy</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 23,
      "name": "Test Path Confusion",
      "reference": "WSTG-CONF-13",
      "category": "Configuration and Deployment Management Testing",
      "description": "Make sure application paths are configured correctly.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/13-Test_for_Path_Confusion>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/13-Test_for_Path_Confusion</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 24,
      "name": "Test Role Definitions",
      "reference": "WSTG-IDNT-01",
      "category": "Identity Management Testing",
      "description": "Identify and document roles used by the application.<br>Attempt to switch, change, or access another role.<br>Review the granularity of the roles and the needs behind the permissions given.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 25,
      "name": "Test User Registration Process",
      "reference": "WSTG-IDNT-02",
      "category": "Identity Management Testing",
      "description": "Verify that the identity requirements for user registration are aligned with business and security requirements.<br>Validate the registration process.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 26,
      "name": "Test Account Provisioning Process",
      "reference": "WSTG-IDNT-03",
      "category": "Identity Management Testing",
      "description": "Verify which accounts may provision other accounts and of what type.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 27,
      "name": "Testing for Account Enumeration and Guessable User Account",
      "reference": "WSTG-IDNT-04",
      "category": "Identity Management Testing",
      "description": "Review processes that pertain to user identification (e.g. registration, login, etc.).<br>Enumerate users where possible through response analysis.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 28,
      "name": "Testing for Weak or Unenforced Username Policy",
      "reference": "WSTG-IDNT-05",
      "category": "Identity Management Testing",
      "description": "Determine whether a consistent account name structure renders the application vulnerable to account enumeration.<br>Determine whether the application's error messages permit account enumeration.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/05-Testing_for_Weak_or_Unenforced_Username_Policy>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/05-Testing_for_Weak_or_Unenforced_Username_Policy</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 29,
      "name": "Testing for Credentials Transported over an Encrypted Channel",
      "reference": "WSTG-ATHN-01",
      "category": "Authentication Testing",
      "description": "",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 30,
      "name": "Testing for Default Credentials",
      "reference": "WSTG-ATHN-02",
      "category": "Authentication Testing",
      "description": "Determine whether the application has any user accounts with default passwords.<br>Review whether new user accounts are created with weak or predictable passwords.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 31,
      "name": "Testing for Weak Lock Out Mechanism",
      "reference": "WSTG-ATHN-03",
      "category": "Authentication Testing",
      "description": "Evaluate the account lockout mechanism's ability to mitigate brute force password guessing.<br>Evaluate the unlock mechanism's resistance to unauthorized account unlocking.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 32,
      "name": "Testing for Bypassing Authentication Schema",
      "reference": "WSTG-ATHN-04",
      "category": "Authentication Testing",
      "description": "Ensure that authentication is applied across all services that require it.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 33,
      "name": "Testing for Vulnerable Remember Password",
      "reference": "WSTG-ATHN-05",
      "category": "Authentication Testing",
      "description": "Validate that the generated session is managed securely and does not put the user's credentials in danger.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 34,
      "name": "Testing for Browser Cache Weaknesses",
      "reference": "WSTG-ATHN-06",
      "category": "Authentication Testing",
      "description": "Review if the application stores sensitive information on the client-side.<br>Review if access can occur without authorization.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 35,
      "name": "Testing for Weak Password Policy",
      "reference": "WSTG-ATHN-07",
      "category": "Authentication Testing",
      "description": "Determine the resistance of the application against brute force password guessing using available password dictionaries by evaluating the length, complexity, reuse, and aging requirements of passwords.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 36,
      "name": "Testing for Weak Security Question Answer",
      "reference": "WSTG-ATHN-08",
      "category": "Authentication Testing",
      "description": "Determine the complexity and how straightforward the questions are.<br>Assess possible user answers and brute force capabilities.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 37,
      "name": "Testing for Weak Password Change or Reset Functionalities",
      "reference": "WSTG-ATHN-09",
      "category": "Authentication Testing",
      "description": "Determine whether the password change and reset functionality allows accounts to be compromised.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 38,
      "name": "Testing for Weaker Authentication in Alternative Channel",
      "reference": "WSTG-ATHN-10",
      "category": "Authentication Testing",
      "description": "Identify alternative authentication channels.<br>Assess the security measures used and whether any bypasses exist on the alternative channels.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 39,
      "name": "Testing Multi-Factor Authentication (MFA)",
      "reference": "WSTG-ATHN-11",
      "category": "Authentication Testing",
      "description": "Identify the type of MFA used by the application.<br>Determine whether the MFA implementation is robust and secure.<br>Attempt to bypass the MFA.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/11-Testing_Multi-Factor_Authentication>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/11-Testing_Multi-Factor_Authentication</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 40,
      "name": "Testing Directory Traversal File Include",
      "reference": "WSTG-ATHZ-01",
      "category": "Authorization Testing",
      "description": "Identify injection points that pertain to path traversal.<br>Assess bypassing techniques and identify the extent of path traversal.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 41,
      "name": "Testing for Bypassing Authorization Schema",
      "reference": "WSTG-ATHZ-02",
      "category": "Authorization Testing",
      "description": "Assess if horizontal or vertical access is possible.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 42,
      "name": "Testing for Privilege Escalation",
      "reference": "WSTG-ATHZ-03",
      "category": "Authorization Testing",
      "description": "Identify injection points related to privilege manipulation.<br>Fuzz or otherwise attempt to bypass security measures.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 43,
      "name": "Testing for Insecure Direct Object References",
      "reference": "WSTG-ATHZ-04",
      "category": "Authorization Testing",
      "description": "Identify points where object references may occur.<br>Assess the access control measures and if they're vulnerable to IDOR.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 44,
      "name": "Testing for OAuth Weaknesses",
      "reference": "WSTG-ATHZ-05",
      "category": "Authorization Testing",
      "description": "Determine if the OAuth2 implementation is vulnerable, or if it uses a deprecated or custom implementation.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/05-Testing_for_OAuth_Weaknesses>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/05-Testing_for_OAuth_Weaknesses</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 45,
      "name": "Testing for Session Management Schema",
      "reference": "WSTG-SESS-01",
      "category": "Session Management Testing",
      "description": "Gather session tokens, for the same user and for different users where possible.<br>Analyze and ensure that enough randomness exists to stop session forging attacks.<br>Modify cookies that are not signed and contain information that can be manipulated.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 46,
      "name": "Testing for Cookies Attributes",
      "reference": "WSTG-SESS-02",
      "category": "Session Management Testing",
      "description": "Ensure that the proper security configuration is set for cookies.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 47,
      "name": "Testing for Session Fixation",
      "reference": "WSTG-SESS-03",
      "category": "Session Management Testing",
      "description": "Analyze the authentication mechanism and its flow.<br>Force cookies and assess the impact.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 48,
      "name": "Testing for Exposed Session Variables",
      "reference": "WSTG-SESS-04",
      "category": "Session Management Testing",
      "description": "Ensure that proper encryption is implemented.<br>Review the caching configuration.<br>Assess the channel and methods' security.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 49,
      "name": "Testing for Cross Site Request Forgery",
      "reference": "WSTG-SESS-05",
      "category": "Session Management Testing",
      "description": "Determine whether it is possible to initiate requests on a user's behalf that are not initiated by the user.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 50,
      "name": "Testing for Logout Functionality",
      "reference": "WSTG-SESS-06",
      "category": "Session Management Testing",
      "description": "Assess the logout UI.<br>Analyze the session timeout and if the session is properly killed after logout.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/06-Testing_for_Logout_Functionality>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/06-Testing_for_Logout_Functionality</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 51,
      "name": "Testing Session Timeout",
      "reference": "WSTG-SESS-07",
      "category": "Session Management Testing",
      "description": "Validate that a hard session timeout exists.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 52,
      "name": "Testing for Session Puzzling",
      "reference": "WSTG-SESS-08",
      "category": "Session Management Testing",
      "description": "Identify all session variables.<br>Break the logical flow of session generation.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/08-Testing_for_Session_Puzzling>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/08-Testing_for_Session_Puzzling</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 53,
      "name": "Testing for Session Hijacking",
      "reference": "WSTG-SESS-09",
      "category": "Session Management Testing",
      "description": "Identify vulnerable session cookies.<br>Hijack vulnerable cookies and assess the risk level.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/09-Testing_for_Session_Hijacking>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/09-Testing_for_Session_Hijacking</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 54,
      "name": "Testing JSON Web Tokens",
      "reference": "WSTG-SESS-10",
      "category": "Session Management Testing",
      "description": "Determine whether the JWTs expose sensitive information.<br>Determine whether the JWTs can be tampered with or modified.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 55,
      "name": "Testing for Reflected Cross Site Scripting",
      "reference": "WSTG-INPV-01",
      "category": "Input Validation Testing",
      "description": "Identify variables that are reflected in responses.<br>Assess the input they accept and the encoding that gets applied on return (if any).",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 56,
      "name": "Testing for Stored Cross Site Scripting",
      "reference": "WSTG-INPV-02",
      "category": "Input Validation Testing",
      "description": "Identify stored input that is reflected on the client-side.<br>Assess the input they accept and the encoding that gets applied on return (if any).",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 57,
      "name": "Testing for HTTP Verb Tampering",
      "reference": "WSTG-INPV-03",
      "category": "Input Validation Testing",
      "description": "",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 58,
      "name": "Testing for HTTP Parameter Pollution",
      "reference": "WSTG-INPV-04",
      "category": "Input Validation Testing",
      "description": "Identify the backend and the parsing method used.<br>Assess injection points and try bypassing input filters using HPP.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 59,
      "name": "Testing for SQL Injection",
      "reference": "WSTG-INPV-05",
      "category": "Input Validation Testing",
      "description": "Identify SQL injection points.<br>Assess the severity of the injection and the level of access that can be achieved through it.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 60,
      "name": "Testing for LDAP Injection",
      "reference": "WSTG-INPV-06",
      "category": "Input Validation Testing",
      "description": "Identify LDAP injection points.<br>Assess the severity of the injection.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 61,
      "name": "Testing for XML Injection",
      "reference": "WSTG-INPV-07",
      "category": "Input Validation Testing",
      "description": "Identify XML injection points.<br>Assess the types of exploits that can be attained and their severities.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 62,
      "name": "Testing for SSI Injection",
      "reference": "WSTG-INPV-08",
      "category": "Input Validation Testing",
      "description": "Identify SSI injection points.<br>Assess the severity of the injection.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 63,
      "name": "Testing for XPath Injection",
      "reference": "WSTG-INPV-09",
      "category": "Input Validation Testing",
      "description": "Identify XPath injection points.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 64,
      "name": "Testing for IMAP SMTP Injection",
      "reference": "WSTG-INPV-10",
      "category": "Input Validation Testing",
      "description": "Identify IMAP/SMTP injection points.<br>Understand the data flow and deployment structure of the system.<br>Assess the injection impacts.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 65,
      "name": "Testing for Code Injection",
      "reference": "WSTG-INPV-11",
      "category": "Input Validation Testing",
      "description": "Identify injection points where you can inject code into the application.<br>Assess the injection severity.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 66,
      "name": "Testing for Command Injection",
      "reference": "WSTG-INPV-12",
      "category": "Input Validation Testing",
      "description": "Identify and assess the command injection points.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 68,
      "name": "Testing for Format String Injection",
      "reference": "WSTG-INPV-13",
      "category": "Input Validation Testing",
      "description": "Assess whether injecting format string conversion specifiers into user-controlled fields causes undesired behavior from the application.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 69,
      "name": "Testing for Incubated Vulnerability",
      "reference": "WSTG-INPV-14",
      "category": "Input Validation Testing",
      "description": "Identify injections that are stored and require a recall step to the stored injection.<br>Understand how a recall step could occur.<br>Set listeners or activate the recall step if possible.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 70,
      "name": "Testing for HTTP Splitting Smuggling",
      "reference": "WSTG-INPV-15",
      "category": "Input Validation Testing",
      "description": "Assess if the application is vulnerable to splitting, identifying what possible attacks are achievable.<br>Assess if the chain of communication is vulnerable to smuggling, identifying what possible attacks are achievable.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 71,
      "name": "Testing for HTTP Incoming Requests",
      "reference": "WSTG-INPV-16",
      "category": "Input Validation Testing",
      "description": "Monitor all incoming and outgoing HTTP requests to the web server to inspect any suspicious requests.<br>Monitor HTTP traffic without changing the end user's browser proxy or client-side application.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 72,
      "name": "Testing for Host Header Injection",
      "reference": "WSTG-INPV-17",
      "category": "Input Validation Testing",
      "description": "Assess if the Host header is being parsed dynamically in the application.<br>Bypass security controls that rely on the header.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 73,
      "name": "Testing for Server-side Template Injection",
      "reference": "WSTG-INPV-18",
      "category": "Input Validation Testing",
      "description": "Detect template injection vulnerability points.<br>Identify the templating engine.<br>Build the exploit.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 74,
      "name": "Testing for Server-Side Request Forgery",
      "reference": "WSTG-INPV-19",
      "category": "Input Validation Testing",
      "description": "Identify SSRF injection points.<br>Test if the injection points are exploitable.<br>Assess the severity of the vulnerability.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 75,
      "name": "Testing for Mass Assignment",
      "reference": "WSTG-INPV-20",
      "category": "Input Validation Testing",
      "description": "Identify requests that modify objects.<br>Assess if it is possible to modify fields that were never intended to be modified from outside.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_Mass_Assignment>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_Mass_Assignment</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 76,
      "name": "Testing for Improper Error Handling",
      "reference": "WSTG-ERRH-01",
      "category": "Testing for Error Handling",
      "description": "Identify existing error output.<br>Analyze the different output returned.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 77,
      "name": "Testing for Stack Traces",
      "reference": "WSTG-ERRH-02",
      "category": "Testing for Error Handling",
      "description": "",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 78,
      "name": "Testing for Weak Transport Layer Security",
      "reference": "WSTG-CRYP-01",
      "category": "Testing for Weak Cryptography",
      "description": "Validate the service configuration.<br>Review the digital certificate's cryptographic strength and validity.<br>Ensure that the TLS security is not bypassable and is properly implemented across the application.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 79,
      "name": "Testing for Padding Oracle",
      "reference": "WSTG-CRYP-02",
      "category": "Testing for Weak Cryptography",
      "description": "Identify encrypted messages that rely on padding.<br>Attempt to break the padding of the encrypted messages and analyze the returned error messages for further analysis.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 80,
      "name": "Testing for Sensitive Information Sent via Unencrypted Channels",
      "reference": "WSTG-CRYP-03",
      "category": "Testing for Weak Cryptography",
      "description": "Identify sensitive information transmitted through the various channels.<br>Assess the privacy and security of the channels used.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 81,
      "name": "Testing for Weak Encryption",
      "reference": "WSTG-CRYP-04",
      "category": "Testing for Weak Cryptography",
      "description": "Provide a guideline for the identification of weak encryption or hashing uses and implementations.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 82,
      "name": "Test Business Logic Data Validation",
      "reference": "WSTG-BUSL-01",
      "category": "Business Logic Testing",
      "description": "Identify data injection points.<br>Validate that all checks are occurring on the back end and can't be bypassed.<br>Attempt to break the format of the expected data and analyze how the application is handling it.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 83,
      "name": "Test Ability to Forge Requests",
      "reference": "WSTG-BUSL-02",
      "category": "Business Logic Testing",
      "description": "Review the project documentation looking for guessable, predictable, or hidden functionality of fields.<br>Insert logically valid data in order to bypass normal business logic workflow.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 84,
      "name": "Test Integrity Checks",
      "reference": "WSTG-BUSL-03",
      "category": "Business Logic Testing",
      "description": "Review the project documentation for components of the system that move, store, or handle data.<br>Determine what type of data is logically acceptable to the component and what types the system should guard against.<br>Determine who should be allowed to modify or read that data in each component.<br>Attempt to insert, update, or delete data values used by each component that should not be allowed per the business logic workflow.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 85,
      "name": "Test for Process Timing",
      "reference": "WSTG-BUSL-04",
      "category": "Business Logic Testing",
      "description": "Review the project documentation for system functionality that may be impacted by time.<br>Develop and execute misuse cases.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 86,
      "name": "Test Number of Times a Function Can Be Used Limits",
      "reference": "WSTG-BUSL-05",
      "category": "Business Logic Testing",
      "description": "Identify functions that must set limits to the times they can be called.<br>Assess if there is a logical limit set on the functions and if it is properly validated.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 87,
      "name": "Testing for the Circumvention of Work Flows",
      "reference": "WSTG-BUSL-06",
      "category": "Business Logic Testing",
      "description": "Review the project documentation for methods to skip or go through steps in the application process in a different order from the intended business logic flow.<br>Develop a misuse case and try to circumvent every logic flow identified.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 88,
      "name": "Test Defenses Against Application Misuse",
      "reference": "WSTG-BUSL-07",
      "category": "Business Logic Testing",
      "description": "Generate notes from all tests conducted against the system.<br>Review which tests behaved differently based on aggressive input.<br>Understand the defenses in place and verify whether they are enough to protect the system against bypass techniques.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/07-Test_Defenses_Against_Application_Misuse>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/07-Test_Defenses_Against_Application_Misuse</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 89,
      "name": "Test Upload of Unexpected File Types",
      "reference": "WSTG-BUSL-08",
      "category": "Business Logic Testing",
      "description": "Review the project documentation for file types that are rejected by the system.<br>Verify that the unwelcome file types are rejected and handled safely.<br>Verify that file batch uploads are secure and do not allow any bypass against the set security measures.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 90,
      "name": "Test Upload of Malicious Files",
      "reference": "WSTG-BUSL-09",
      "category": "Business Logic Testing",
      "description": "Identify the file upload functionality.<br>Review the project documentation to identify what file types are considered acceptable, and what types would be considered dangerous or malicious.<br>If documentation is not available then consider what would be appropriate based on the purpose of the application.<br>Determine how the uploaded files are processed.<br>Obtain or create a set of malicious files for testing.<br>Try to upload the malicious files to the application and determine whether they are accepted and processed.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 91,
      "name": "Test Payment Functionality",
      "reference": "WSTG-BUSL-10",
      "category": "Business Logic Testing",
      "description": "Determine whether the business logic for the e-commerce functionality is robust.<br>Understand how the payment functionality works.<br>Determine whether the payment functionality is secure.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/10-Test-Payment-Functionality>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/10-Test-Payment-Functionality</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 92,
      "name": "Testing for DOM-Based Cross Site Scripting",
      "reference": "WSTG-CLNT-01",
      "category": "Client-side Testing",
      "description": "Identify DOM sinks.<br>Build payloads that pertain to every sink type.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 93,
      "name": "Testing for JavaScript Execution",
      "reference": "WSTG-CLNT-02",
      "category": "Client-side Testing",
      "description": "Identify sinks and possible JavaScript injection points.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/02-Testing_for_JavaScript_Execution>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/02-Testing_for_JavaScript_Execution</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 94,
      "name": "Testing for HTML Injection",
      "reference": "WSTG-CLNT-03",
      "category": "Client-side Testing",
      "description": "Identify HTML injection points and assess the severity of the injected content.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 95,
      "name": "Testing for Client-side URL Redirect",
      "reference": "WSTG-CLNT-04",
      "category": "Client-side Testing",
      "description": "Identify injection points that handle URLs or paths.<br>Assess the locations that the system could redirect to.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 96,
      "name": "Testing for CSS Injection",
      "reference": "WSTG-CLNT-05",
      "category": "Client-side Testing",
      "description": "Identify CSS injection points.<br>Assess the impact of the injection.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 97,
      "name": "Testing for Client-side Resource Manipulation",
      "reference": "WSTG-CLNT-06",
      "category": "Client-side Testing",
      "description": "Identify sinks with weak input validation.<br>Assess the impact of the resource manipulation.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/06-Testing_for_Client-side_Resource_Manipulation>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/06-Testing_for_Client-side_Resource_Manipulation</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 98,
      "name": "Testing Cross Origin Resource Sharing",
      "reference": "WSTG-CLNT-07",
      "category": "Client-side Testing",
      "description": "Identify endpoints that implement CORS.<br>Ensure that the CORS configuration is secure or harmless.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 99,
      "name": "Testing for Cross Site Flashing",
      "reference": "WSTG-CLNT-08",
      "category": "Client-side Testing",
      "description": "Decompile and analyze the application's code.<br>Assess sink inputs and unsafe method usage.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/08-Testing_for_Cross_Site_Flashing>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/08-Testing_for_Cross_Site_Flashing</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 100,
      "name": "Testing for Clickjacking",
      "reference": "WSTG-CLNT-09",
      "category": "Client-side Testing",
      "description": "Understand the security measures in place.<br>Assess how strict the security measures are and whether they can be bypassed.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 101,
      "name": "Testing WebSockets",
      "reference": "WSTG-CLNT-10",
      "category": "Client-side Testing",
      "description": "Identify the usage of WebSockets.<br>Assess its implementation by applying the same tests used on normal HTTP channels.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 102,
      "name": "Testing Web Messaging",
      "reference": "WSTG-CLNT-11",
      "category": "Client-side Testing",
      "description": "Assess the security of the message's origin.<br>Validate that it's using safe methods and validating its input.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 103,
      "name": "Testing Browser Storage",
      "reference": "WSTG-CLNT-12",
      "category": "Client-side Testing",
      "description": "Determine whether the website is storing sensitive data in client-side storage.<br>The code handling of the storage objects should be examined for possibilities of injection attacks, such as utilizing unvalidated input or vulnerable libraries.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 104,
      "name": "Testing for Cross Site Script Inclusion",
      "reference": "WSTG-CLNT-13",
      "category": "Client-side Testing",
      "description": "Locate sensitive data across the system.<br>Assess the leakage of sensitive data through various techniques.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/13-Testing_for_Cross_Site_Script_Inclusion>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/13-Testing_for_Cross_Site_Script_Inclusion</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 105,
      "name": "Testing for Reverse Tabnabbing",
      "reference": "WSTG-CLNT-14",
      "category": "Client-side Testing",
      "description": "",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/14-Testing_for_Reverse_Tabnabbing>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/14-Testing_for_Reverse_Tabnabbing</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    },
    {
      "order": 106,
      "name": "Testing GraphQL",
      "reference": "WSTG-APIT-01",
      "category": "API Testing",
      "description": "Assess that a secure and production-ready configuration is deployed.<br>Validate all input fields against generic attacks.<br>Ensure that proper access controls are applied.",
      "subcategory": "",
      "level": "",
      "references": "<a href=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL>https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL</a>",
      "riskrating": "",
      "notes": "",
      "guide": ""
    }
  ]
}