OWASP – WSTG-SESS-03 – Session Management Testing – Testing for Session Fixation. Summary: Session fixation is enabled by the insecure practice of preserving the same value of the session cookies before...
OWASP – WSTG-ATHN-10 – Authentication Testing – Testing for Weaker Authentication in Alternative Channel. Summary: The most prevalent and most easily administered authentication mechanism is a static password. The password represents the keys...
OWASP – WSTG-ATHZ-01 – Authorization Testing – Testing Directory Traversal File Include. Summary: Many web applications use and manage files as part of their daily operation. Using input validation methods that...
OWASP – WSTG-ATHZ-02 – Authorization Testing – Testing for Bypassing Authorization Schema. Summary: This kind of test focuses on verifying how the authorization schema has been implemented for each role or privilege...
OWASP – WSTG-ATHZ-03 – Authorization Testing – Testing for Privilege Escalation. Summary: This section describes the issue of escalating privileges from one stage to another. During this phase, the tester should...
OWASP – WSTG-ATHZ-04 – Authorization Testing – Testing for Insecure Direct Object References. Summary: Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a...
OWASP – WSTG-BUSL-01 – Business Logic Testing – Test Business Logic Data Validation. Summary: The application must ensure that only logically valid data can be entered at the front end as well...
OWASP – WSTG-APIT-01 – API Testing – Testing GraphQL. Summary: GraphQL has become very popular in modern APIs. It provides simplicity and nested objects, which facilitate faster development. While...
OWASP – WSTG-BUSL-02 – Business Logic Testing – Test Ability to Forge Requests. Summary: Forging requests is a method that attackers use to circumvent the front end GUI application to directly submit information...
OWASP – WSTG-ATHN-01 – Authentication Testing – Testing for Credentials Transported over an Encrypted Channel. Summary: Testing for credentials transport verifies that web applications encrypt authentication data in transit. This encryption prevents attackers from...