OWASP WSTG

Summary SQL injection testing checks if it is possible to inject data into the application so that it executes a...

  Summary Web servers usually give developers the ability to add small pieces of dynamic code inside static HTML pages,...

  Summary XPath is a language that has been designed and developed primarily to address parts of an XML document....

Summary This threat affects all applications that communicate with mail servers (IMAP/SMTP), generally webmail applications. The aim of this test...

  Summary The Session Tokens (Cookie, SessionID, Hidden Field), if exposed, will usually enable an attacker to impersonate a victim...

Summary Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions on a web...

Summary Session termination is an important part of the session lifecycle. Reducing to a minimum the lifetime of the session...

  Summary In this phase testers check that the application automatically logs out a user when that user has been...

Summary Session Variable Overloading (also known as Session Puzzling) is an application level vulnerability which can enable an attacker to...

Summary This article describes how to test an application for OS command injection. The tester will try to inject an...