A checklist for systematically going through the OWASP Testing Guide V4
This repository contains comprehensive documentation based on the OWASP (Open Web Application Security Project) Testing Guide v4.2. It covers various aspects of web application security testing, including business logic, client-side testing, API testing, and API documentation testing.
Business logic testing:
- Business Logic Data Validation
- Request Forgery Testing
- Integrity Checks
- Process Timing
- Function Limits
- Workflow Testing
- Application Misuse Testing
- File Upload Testing
Client-side testing:
- DOM-based XSS Testing
- JavaScript Execution
- HTML Injection
- Client-side URL Redirect
- CSS Injection
- Resource Manipulation
- Cross Origin Resource Sharing
- Cross Site Flashing
- Clickjacking
- WebSockets
- Web Messaging
- Browser Storage
API testing:
- Object Level Authorization
- Authentication Testing
- Data Exposure
- Resource & Rate Limiting
- Function Level Authorization
- Mass Assignment
- Security Misconfiguration
- Injection Testing
- Assets Management
- Logging & Monitoring
API documentation testing:
- Documentation Completeness
- Specification Conformance
- Version Management
- Security Documentation
- Examples and Use Cases
Each section includes:
- Detailed testing techniques
- Recommended tools
- Best practices
- Official documentation references
- Testing methodologies
This documentation serves as a comprehensive guide for security professionals, developers, and QA engineers involved in web application security testing. It follows OWASP's widely recognized security testing standards and best practices.
References:
- OWASP Testing Guide v4.2
- OWASP API Security Top 10
- OWASP Security Testing Best Practices
Feel free to contribute to this documentation by submitting pull requests or opening issues for any improvements or corrections.