OWASP: Testing Guide v4.2 Checklist: Information Gathering Test Name
Configuration and Deploy Management Testing: Test Name
Identity Management Testing: Test Name
Session Management Testing: Test Name
Status values: Not Started, Pass, Issues, N/A
Objectives Status Notes
- Identify what sensitive design and configuration information of the application, system, or organization is exposed directly (on the organization's website) or indirectly (via third-party services). Not Started
- Identify possible entry and injection points through request and response analysis. Not Started
- Map the target application and understand the principal workflows. Not Started
- Fingerprint the components being used by the web applications. Not Started
Not Started
- Generate a map of the application at hand based on the research conducted. Not Started
Vulnerability Factors
Ease of Discovery Practically impossible [1] 1
Ease of Exploit Easy [5] 5
Awareness Hidden [4] 4
Intrusion Detection Logged and reviewed [3] 3
Impact \ Likelihood   Low        ->Moderate<-   High
->Low<-               Note       ->Low<-        Moderate
Moderate              Low        Moderate       High
High                  Moderate   High           Critical
k Assessment Calculator
Impact factors
Technical Impact Factors
Loss of Confidentiality Minimal non-sensitive data disclosed [2] 2
Loss of Integrity All data totally corrupt [9] 9
Loss of Availability Minimal secondary services interrupted [1] 1
Loss of Accountability Not Applicable [0] 0
Low
Skills required                        Motive                  Opportunity
Not Applicable [0] 0                   Not Applicable [0] 0    Full access or expensive resources required [0] 0
No technical skills [1] 1              Low or no reward [1] 1  Special access or resources required [4] 4
Some technical skills [3] 3            Possible reward [4] 4   Some access or resources required [7] 7
Advanced computer user [5] 5           High reward [9] 9       No access or resources required [9] 9
Network and programming skills [6] 6
Security penetration skills [9] 9