Testing for Browser cache weakness (OTG-AUTHN-006)
Testing for Weak password policy (OTG-AUTHN-007)
Testing for Weak security question/answer (OTG-AUTHN-008)
Testing for weak password change or reset functionalities (OTG-AUTHN-009)
Testing for Weaker authentication in alternative channel (OTG-AUTHN-010)

5. Authorization Testing (79-87)
Testing Directory traversal/file include (OTG-AUTHZ-001)
Testing for bypassing authorization schema (OTG-AUTHZ-002)
Testing for Privilege Escalation (OTG-AUTHZ-003)
Testing for Insecure Direct Object References (OTG-AUTHZ-004)

6. Session Management Testing (87-100)
Testing for Bypassing Session Management Schema (OTG-SESS-001)
Testing for Cookies attributes (OTG-SESS-002)
Testing for Session Fixation (OTG-SESS-003)
Testing for Exposed Session Variables (OTG-SESS-004)
Testing for Cross Site Request Forgery (CSRF) (OTG-SESS-005)
Testing for logout functionality (OTG-SESS-006)
Test Session Timeout (OTG-SESS-007)
Testing for Session puzzling (OTG-SESS-008)

7. Input Validation Testing (100-110)
Testing for Reflected Cross Site Scripting (OTG-INPVAL-001)
Testing for Stored Cross Site Scripting (OTG-INPVAL-002)
Testing for HTTP Verb Tampering (OTG-INPVAL-003)
Testing for HTTP Parameter pollution (OTG-INPVAL-004)

8. Input Validation Testing (110-123)
Testing for SQL Injection (OTG-INPVAL-005)
Oracle Testing
MySQL Testing

9. Input Validation Testing (123-133)
SQL Server Testing
Testing PostgreSQL (from OWASP BSP)
MS Access Testing
Testing for NoSQL injection

10. Input Validation Testing (133-144)
Testing for LDAP Injection (OTG-INPVAL-006)
Testing for ORM Injection (OTG-INPVAL-007)
Testing for XML Injection (OTG-INPVAL-008)
Testing for SSI Injection (OTG-INPVAL-009)
Testing for XPath Injection (OTG-INPVAL-010)
IMAP/SMTP Injection (OTG-INPVAL-011)

11. Input Validation Testing (144-156)
Testing for Code Injection (OTG-INPVAL-012)
Testing for Local File Inclusion
Testing for Remote File Inclusion
Testing for Command Injection (OTG-INPVAL-013)
Testing for Buffer overflow (OTG-INPVAL-014)