OWASP Testing Checklist

@hackinarticles | https://github.com/Ignitetechnologies | https://in.linkedin.com/company/hackingarticles

Each entry lists the WSTG identifier, the objective of the test, the tools the checklist names for it, and the OWASP Top 10 (2021) category and CWE identifiers the checklist maps it to (NA where the checklist gives no mapping).

Information Gathering

WSTG-INFO-01 Conduct Search Engine Discovery Reconnaissance for Information Leakage
  Objective: Identify what sensitive design and configuration information of the application, system, or organization is exposed directly (on the organization's website) or indirectly (via third-party services).
  Tools: Google, Bing, Shodan, Common Crawl
  OWASP Top 10: NA
  CWE: NA

WSTG-INFO-02 Fingerprint Web Server
  Objective: Determine the version and type of a running web server to enable further discovery of any known vulnerabilities.
  Tools: Netcraft, Nikto2, Nmap, Zenmap
  OWASP Top 10: A5, A6
  CWE: CWE-756, CWE-1352

WSTG-INFO-03 Review Webserver Metafiles for Information Leakage
  Objective: Identify hidden or obfuscated paths and functionality through the analysis of metadata files.
  Tools: Browser, curl, wget
  OWASP Top 10: A1
  CWE: CWE-200, CWE-425

WSTG-INFO-04 Enumerate Applications on Webserver
  Objective: Enumerate the applications within the scope that exist on a web server.
  Tools: Nmap, Nessus Vulnerability Scanner, Nikto2
  OWASP Top 10: NA
  CWE: NA

WSTG-INFO-05 Review Webpage Content for Information Leakage
  Objective: Review webpage comments, metadata, and redirect bodies to find any information leakage.
  Tools: Eyeballs, curl, Zaproxy, Burp Suite, Waybackurls, Google Maps API Scanner
  OWASP Top 10: A1
  CWE: CWE-200, CWE-540

WSTG-INFO-06 Identify Application Entry Points
  Objective: Identify possible entry and injection points through request and response analysis.
  Tools: OWASP Zed Attack Proxy (ZAP), Burp Suite, Fiddler
  OWASP Top 10: NA
  CWE: NA

WSTG-INFO-07 Map Execution Paths Through Application
  Objective: Map the target application and understand the principal workflows.
  Tools: ZAP, spreadsheet software, diagramming software
  OWASP Top 10: NA
  CWE: NA

WSTG-INFO-08 Fingerprint Web Application Framework
  Objective: Fingerprint the components being used by the web applications.
  Tools: WhatWeb, Wappalyzer, Burp Suite, ZAP
  OWASP Top 10: A5, A6
  CWE: CWE-756, CWE-1104

WSTG-INFO-09 Fingerprint Web Application
  Objective: Identify the web application and version to determine known vulnerabilities and the appropriate exploits.
  Tools: WhatWeb, BlindElephant, Wappalyzer, CMSmap
  OWASP Top 10: NA
  CWE: NA

WSTG-INFO-10 Map Application Architecture
  Objective: Understand the architecture of the application and the technologies in use.
  Tools: Browser, curl, wget
  OWASP Top 10: NA
  CWE: NA

Authentication Testing

WSTG-ATHN-01 Testing for Credentials Transported over an Encrypted Channel
  Objective: Check whether the referrer is HTTP or HTTPS, and whether credentials are sent over HTTP as well as over HTTPS.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A7

WSTG-ATHN-02 Testing for Default Credentials
  Objective: Determine whether the application has any user accounts with default passwords.
  Tools: Burp Intruder, THC Hydra, Nikto 2
  OWASP Top 10: A7
  CWE: CWE-1391, CWE-1392

WSTG-ATHN-03 Testing for Weak Lock Out Mechanism
  Objective: Evaluate the account lockout mechanism's ability to mitigate brute force password guessing.
  Tools: Browser
  OWASP Top 10: A7
  CWE: CWE-307

WSTG-ATHN-04 Testing for Bypassing Authentication Schema
  Objective: Ensure that authentication is applied across all services that require it.
  Tools: WebGoat, OWASP Zed Attack Proxy
  OWASP Top 10: A7
  CWE: CWE-287, CWE-288, CWE-290, CWE-294, CWE-302, CWE-304, CWE-306

WSTG-ATHN-05 Testing for Vulnerable Remember Password
  Objective: Validate that the generated session is managed securely and does not put the user's credentials in danger.
  Tools: Browser
  OWASP Top 10: A4, A5
  CWE: CWE-315, CWE-522, CWE-524

WSTG-ATHN-06 Testing for Browser Cache Weaknesses
  Objective: Review whether the application stores sensitive information on the client side. Review whether access can occur without authorization.
  Tools: OWASP Zed Attack Proxy, Burp Suite
  OWASP Top 10: A4
  CWE: CWE-525

WSTG-ATHN-07 Testing for Weak Password Policy
  Objective: Determine the resistance of the application against brute force password guessing using available password dictionaries by evaluating the length, complexity, reuse, and aging requirements of passwords.
  Tools: Hydra
  OWASP Top 10: A7
  CWE: CWE-521

WSTG-ATHN-08 Testing for Weak Security Question Answer
  Objective: Determine the complexity and how straightforward the questions are. Assess possible user answers and brute force capabilities.
  Tools: Browser
  OWASP Top 10: A7
  CWE: CWE-640

WSTG-ATHN-09 Testing for Weak Password Change or Reset Functionalities
  Objective: Determine whether the password change and reset functionality allows accounts to be compromised.
  Tools: Browser, Burp Proxy, ZAP
  OWASP Top 10: A7
  CWE: CWE-620, CWE-640

WSTG-ATHN-10 Testing for Weaker Authentication in Alternative Channel
  Objective: Identify alternative authentication channels. Assess the security measures used and whether any bypasses exist on the alternative channels.
  Tools: Browser
  OWASP Top 10: A7
  CWE: CWE-288, CWE-804

WSTG-ATHN-11 Testing Multi-Factor Authentication
  Objective: Identify the type of MFA used by the application. Determine whether the MFA implementation is robust and secure. Attempt to bypass the MFA.
  Tools: JMeter
  OWASP Top 10: A7
  CWE: CWE-288, CWE-304, CWE-308
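The fingerprinting tests above (WSTG-INFO-02, INFO-08, INFO-09) all reduce to reading evidence out of one HTTP response: the Server and X-Powered-By headers, the names of cookies the platform sets, the meta generator tag and the well-known paths a CMS references. The script below is an added example written for this page, not code from the checklist or from hackingarticles; the response it parses is constructed, and the cookie and path signature tables are a small hand-picked assumption standing in for the signature databases tools such as WhatWeb carry.

```python
"""Passive fingerprinting of a web server and application from a single HTTP
response (WSTG-INFO-02 / INFO-08 / INFO-09). Added example; the sample
response and the signature tables are constructed for the demo.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample response; not captured from a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="generator" content="WordPress 5.4.2" />\n'
    '<link rel="stylesheet" href="/wp-content/themes/twentytwenty/style.css?ver=1.3">\n'
    "</head><body>hi</body></html>\n"
)

# Assumption: a tiny signature table; real fingerprinting tools ship thousands.
COOKIE_SIGNATURES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "wordpress_test_cookie": "WordPress",
    "csrftoken": "Django",
}
PATH_SIGNATURES = {
    "/wp-content/": "WordPress",
    "/wp-includes/": "WordPress",
    "/sites/default/files/": "Drupal",
    "/media/jui/": "Joomla",
}


def split_response(raw: str) -> Tuple[Dict[str, List[str]], str]:
    """Split a raw HTTP response into a header multi-dict (lowercased names) and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def fingerprint(raw: str) -> Dict[str, List[str]]:
    """Return the evidence found, grouped by what it reveals."""
    headers, body = split_response(raw)
    findings: Dict[str, List[str]] = {"server": [], "application": [], "version_disclosure": []}

    for value in headers.get("server", []):
        findings["server"].append(value)
        if re.search(r"\d+\.\d+", value):        # a version number is disclosed
            findings["version_disclosure"].append(f"Server: {value}")
    for value in headers.get("x-powered-by", []):
        findings["application"].append(value)
        findings["version_disclosure"].append(f"X-Powered-By: {value}")

    for cookie in headers.get("set-cookie", []):  # platform-specific cookie names
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_SIGNATURES:
            findings["application"].append(f"{COOKIE_SIGNATURES[name]} (cookie {name})")

    m = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', body, re.I)
    if m:
        findings["application"].append(f"{m.group(1)} (meta generator)")
        findings["version_disclosure"].append(f"generator: {m.group(1)}")

    for prefix, product in PATH_SIGNATURES.items():  # CMS-specific paths in the body
        if prefix in body:
            findings["application"].append(f"{product} (path {prefix})")

    # de-duplicate while keeping order
    return {k: list(dict.fromkeys(v)) for k, v in findings.items()}


if __name__ == "__main__":
    for category, items in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{category}: {items}")
```

Each piece of evidence is weak on its own (a Server header can be rewritten), so the value is in the agreement between independent sources: header, cookie name, generator tag and paths all pointing at the same stack is what justifies a version-specific vulnerability search.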
Session Management Testing

WSTG-SESS-01 Testing for Session Management Schema
  Objective: Gather session tokens, for the same user and for different users where possible. Analyze and ensure that enough randomness exists to stop session forging attacks.
  Tools: OWASP Zed Attack Proxy (ZAP), which features a session token analysis mechanism; Burp Sequencer; YEHG's JHijack
  OWASP Top 10: A2, A4
  CWE: CWE-315, CWE-330, CWE-539, CWE-694

WSTG-SESS-10 Testing JSON Web Tokens
  Objective: Determine whether the JWTs expose sensitive information. Determine whether the JWTs can be tampered with or modified.
  Tools: John the Ripper, jwt2john, jwt-cracker, JSON Web Tokens Burp Extension, ZAP JWT Add-on
  OWASP Top 10: A7
  CWE: CWE-345, CWE-757, CWE-798
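The JWT test has two halves: what the token exposes to anyone who holds it, and whether the server accepts a token whose claims were changed. The script below is an added example for WSTG-SESS-10, not code from the checklist; it signs a token with a constructed HS256 secret, reads it back unverified, forges an "alg": "none" variant, and tampers with the claims while keeping the old signature. verify_insecure is the deliberately flawed verifier that trusts the algorithm named in the token (the CWE-757 downgrade case on the checklist); verify_hs256 pins the algorithm on the verifier side. The list of claim names treated as sensitive is an assumption.

```python
"""JSON Web Token tampering checks (WSTG-SESS-10). Added example; the secret
and the sensitive-claim list are constructed assumptions."""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict, Optional, Set

SECRET = b"demo-secret-not-for-production"   # constructed
SENSITIVE_CLAIM_NAMES = {"password", "ssn", "email", "secret", "api_key"}   # assumption


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj: Dict[str, Any]) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def sign_hs256(payload: Dict[str, Any], secret: bytes) -> str:
    signing_input = (b64url_encode(_json({"alg": "HS256", "typ": "JWT"}))
                     + "." + b64url_encode(_json(payload)))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> Dict[str, Any]:
    """Header and claims are only base64url-encoded: anyone holding the token reads them."""
    h, p, _ = token.split(".")
    return {"header": json.loads(b64url_decode(h)), "payload": json.loads(b64url_decode(p))}


def sensitive_claims(token: str) -> Set[str]:
    """Claim names that should never ride in a token (readable without the key)."""
    return set(decode_unverified(token)["payload"]) & SENSITIVE_CLAIM_NAMES


def verify_insecure(token: str, secret: bytes) -> Optional[Dict[str, Any]]:
    """Flawed: takes the algorithm from the token, so alg=none skips the signature check."""
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") == "none":
        return json.loads(b64url_decode(p))
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return json.loads(b64url_decode(p)) if hmac.compare_digest(expected, b64url_decode(s)) else None


def verify_hs256(token: str, secret: bytes) -> Optional[Dict[str, Any]]:
    """Hardened: the verifier fixes the algorithm and compares the MAC in constant time."""
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


def forge_alg_none(token: str, new_claims: Dict[str, Any]) -> str:
    """Rewrite the token with alg=none, changed claims and an empty signature."""
    claims = dict(decode_unverified(token)["payload"], **new_claims)
    return (b64url_encode(_json({"alg": "none", "typ": "JWT"}))
            + "." + b64url_encode(_json(claims)) + ".")


def tamper_payload(token: str, new_claims: Dict[str, Any]) -> str:
    """Change the claims but keep the original signature; must fail verification."""
    h, _, s = token.split(".")
    claims = dict(decode_unverified(token)["payload"], **new_claims)
    return h + "." + b64url_encode(_json(claims)) + "." + s


if __name__ == "__main__":
    tok = sign_hs256({"sub": "1001", "role": "user", "email": "u@example.com"}, SECRET)
    print("exposed claims:", sensitive_claims(tok))
    forged = forge_alg_none(tok, {"role": "admin"})
    print("alg=none accepted by flawed verifier:", verify_insecure(forged, SECRET))
    print("alg=none accepted by hardened verifier:", verify_hs256(forged, SECRET))
    print("tampered payload accepted:", verify_hs256(tamper_payload(tok, {"role": "admin"}), SECRET))
```

During a test you do not have the secret, so the observable evidence is the server's behaviour: if the forged alg=none token or a re-signed token with a guessable secret (what jwt-cracker and jwt2john target) is accepted, the token can be tampered with; if the claims contain the kinds of data sensitive_claims flags, the token exposes sensitive information regardless of the signature.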
WSTG-SESS-02 Testing for Cookies Attributes
  Objective: Ensure that the proper security configuration is set for cookies.
  Tools: OWASP Zed Attack Proxy Project, intercepting proxy / web proxy, Tamper Data for Firefox Quantum, "FireSheep" for Firefox, browser plug-ins such as "EditThisCookie" for Chrome and "Cookiebro - Cookie Manager" for Firefox
  OWASP Top 10: A5
  CWE: CWE-16, CWE-523, CWE-614, CWE-1004, CWE-1275

WSTG-SESS-03 Testing for Session Fixation
  Objective: Analyze the authentication mechanism and its flow. Force cookies and assess the impact.
  Tools: OWASP ZAP, Burp Proxy
  OWASP Top 10: A7
  CWE: CWE-384

WSTG-SESS-04 Testing for Exposed Session Variables
  Objective: Ensure that proper encryption is implemented. Review the caching configuration. Assess the channel and methods' security.
  Tools: OWASP ZAP, Burp Proxy
  OWASP Top 10: A7
  CWE: CWE-598

WSTG-SESS-05 Testing for Cross Site Request Forgery
  Objective: Determine whether it is possible to initiate requests on a user's behalf that are not initiated by the user.
  Tools: OWASP ZAP, CSRF Tester, Pinata-csrf-tool
  OWASP Top 10: A1
  CWE: CWE-352

WSTG-SESS-06 Testing for Logout Functionality
  Objective: Assess the logout UI. Analyze the session timeout and whether the session is properly killed after logout.
  Tools: Burp Suite - Repeater
  OWASP Top 10: A7
  CWE: CWE-613

WSTG-SESS-07 Testing Session Timeout
  Objective: Validate that a hard session timeout exists; after the timeout has passed, all session tokens should be destroyed or be unusable.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A5
  CWE: CWE-613

WSTG-SESS-08 Testing for Session Puzzling
  Objective: Identify all session variables. Break the logical flow of session generation.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A7
  CWE: CWE-841

WSTG-SESS-09 Testing for Session Hijacking
  Objective: Identify vulnerable session cookies. Hijack vulnerable cookies and assess the risk level.
  Tools: JHijack, ZAP
  OWASP Top 10: A2
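The cookie-attribute test (WSTG-SESS-02) is mechanical enough to script: every Set-Cookie header is parsed into its attributes and compared against what a session cookie should carry. The script below is an added example for this page, not code from the checklist; the Set-Cookie headers are constructed, and the list of name fragments used to recognise a session cookie is an assumption. Beyond the Secure/HttpOnly/SameSite trio it also applies the __Host-/__Secure- prefix rules that browsers enforce, since a prefixed cookie that violates them is silently dropped.

```python
"""Review of Set-Cookie attributes (WSTG-SESS-02). Added example; the headers
and the session-name hints are constructed assumptions."""
from typing import Dict, List

# Constructed headers; not captured from a real application.
SAMPLE_SET_COOKIE = [
    "JSESSIONID=1A2B3C; Path=/",
    "auth=eyJ...; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
    "prefs=dark; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None",
    "__Host-sid=abc; Path=/; Secure; HttpOnly; SameSite=Strict",
    "__Host-bad=abc; Domain=example.com; Path=/; Secure; HttpOnly",
]

# Assumption: cookie names containing these fragments carry session state.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Return {'name': ..., 'value': ..., <attribute lowercased>: value or ''}."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def review_cookie(header: str) -> List[str]:
    """Findings for one Set-Cookie header; an empty list means nothing to report."""
    c = parse_set_cookie(header)
    name = c["name"]
    session_like = any(h in name.lower() for h in SESSION_NAME_HINTS)
    findings: List[str] = []

    if "secure" not in c:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if session_like and "httponly" not in c:
        findings.append("missing HttpOnly on a session-like cookie: readable by script (XSS)")
    samesite = c.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite: relying on the browser default")
    elif samesite == "none" and "secure" not in c:
        findings.append("SameSite=None without Secure: rejected by current browsers")
    if session_like and ("expires" in c or "max-age" in c):
        findings.append("session-like cookie is persistent (Expires/Max-Age set); confirm that is intended")
    if session_like and "domain" in c:
        findings.append(f"Domain={c['domain']}: session cookie is shared with every subdomain")
    # Prefix rules: __Host- needs Secure, Path=/ and no Domain; __Secure- needs Secure.
    if name.startswith("__Host-") and ("secure" not in c or c.get("path") != "/" or "domain" in c):
        findings.append("__Host- prefix rules violated (needs Secure, Path=/, no Domain): browser drops the cookie")
    elif name.startswith("__Secure-") and "secure" not in c:
        findings.append("__Secure- prefix requires Secure: browser drops the cookie")
    return findings


def review_all(headers: List[str]) -> Dict[str, List[str]]:
    return {parse_set_cookie(h)["name"]: review_cookie(h) for h in headers}


if __name__ == "__main__":
    for cookie_name, findings in review_all(SAMPLE_SET_COOKIE).items():
        print(cookie_name, "->", findings or "ok")
```

Feed it the Set-Cookie headers captured in the proxy after login; the cookies that matter most are the ones set by the authentication response, since a Secure or HttpOnly flag missing on a preference cookie is noise while the same gap on the session cookie is the finding.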


Configuration and Deployment Management Testing

WSTG-CONF-01 Test Network Infrastructure Configuration
  Objective: Review the applications' configurations set across the network and validate that they are not vulnerable.
  Tools: Nessus
  OWASP Top 10: A1, A5, A6
  CWE: CWE-284, CWE-1349, CWE-1352

WSTG-CONF-02 Test Application Platform Configuration
  Objective: Ensure that defaults and known files have been removed. Validate that no debugging code or extensions are left in the production environments.
  Tools: Browser, Burp Suite, Nikto2
  OWASP Top 10: A1, A5, A9
  CWE: CWE-13, CWE-117, CWE-200, CWE-201, CWE-223, CWE-489, CWE-532, CWE-548, CWE-651, CWE-778

WSTG-CONF-03 Test File Extensions Handling for Sensitive Information
  Objective: Dirbust sensitive file extensions, or extensions that might contain raw data (e.g. scripts, raw data, credentials, etc.).
  Tools: wget, curl, web mirroring tools (search for "web mirroring tools")
  OWASP Top 10: A1
  CWE: CWE-200, CWE-425, CWE-552

WSTG-CONF-04 Review Old Backup and Unreferenced Files for Sensitive Information
  Objective: Find and analyse unreferenced files that might contain sensitive information.
  Tools: Nessus, Nikto2, wget, Wget for Windows, Sam Spade, Xenu, curl
  OWASP Top 10: A1
  CWE: CWE-200, CWE-531, CWE-538

WSTG-CONF-05 Enumerate Infrastructure and Application Admin Interfaces
  Objective: Identify hidden administrator interfaces and functionality.
  Tools: OWASP ZAP - Forced Browse, THC-HYDRA, Netsparker
  OWASP Top 10: A1
  CWE: CWE-284, CWE-419

WSTG-CONF-06 Test HTTP Methods
  Objective: Enumerate supported HTTP methods. Test for access control bypass. Test HTTP method overriding techniques.
  Tools: Ncat, cURL, Nmap http-methods NSE script
  OWASP Top 10: A5
  CWE: CWE-650, CWE-749

WSTG-CONF-07 Test HTTP Strict Transport Security
  Objective: Review the HSTS header and its validity.
  Tools: Burp Proxy, ZAP, curl
  OWASP Top 10: A5
  CWE: CWE-319, CWE-523

WSTG-CONF-08 Test RIA Cross Domain Policy
  Objective: Analyse the permissions allowed from the policy files (crossdomain.xml / clientaccesspolicy.xml) and allow-access-from.
  Tools: ZAP, Burp Proxy, Nikto2
  OWASP Top 10: A5
  CWE: CWE-942

WSTG-CONF-09 Test File Permission
  Objective: Review and identify any rogue file permissions.
  Tools: Windows AccessEnum, Windows AccessChk, Linux namei
  OWASP Top 10: A1
  CWE: CWE-732

WSTG-CONF-10 Test for Subdomain Takeover
  Objective: Enumerate all possible domains (previous and current). Identify forgotten or misconfigured domains.
  Tools: dig, recon-ng, theHarvester, Sublist3r, dnsrecon
  OWASP Top 10: NA

WSTG-CONF-11 Test Cloud Storage
  Objective: Assess that the access control configuration for the storage services is properly in place.
  Tools: AWS CLI
  OWASP Top 10: A1
  CWE: CWE-264

WSTG-CONF-12 Test for Content Security Policy
  Objective: Review the Content-Security-Policy header or meta element to identify misconfigurations.
  Tools: Google CSP Evaluator, CSP Auditor, CSP Generator
  OWASP Top 10: A5
  CWE: CWE-1021

WSTG-CONF-13 Test for Path Confusion
  Objective: Make sure application paths are configured correctly.
  Tools: Burp Suite
  OWASP Top 10: A4
  CWE: CWE-436
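"Review the HSTS header and its validity" (WSTG-CONF-07) has a precise meaning: the header only takes effect when received over HTTPS, max-age must be a non-negative integer (otherwise browsers ignore the whole header, and zero deletes the policy), and a policy without includeSubDomains leaves subdomains, and any cookies scoped to them, reachable over HTTP. The script below is an added example, not code from the checklist; the one-year threshold is the published preload-list requirement, and treating any shorter max-age as a finding is an assumption made for the example.

```python
"""Validity check for the Strict-Transport-Security header (WSTG-CONF-07).
Added example; the one-year threshold applied to every site is an assumption."""
from typing import Dict, List, Optional

ONE_YEAR = 31_536_000   # seconds; the preload list requires at least this max-age


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Directive names are case-insensitive; the first occurrence of a name wins."""
    directives: Dict[str, Optional[str]] = {}
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, val = raw.partition("=")
        directives.setdefault(name.strip().lower(), val.strip().strip('"') or None)
    return directives


def review_hsts(header: Optional[str], over_https: bool = True) -> List[str]:
    """Findings for one response; header=None means the header was absent."""
    if header is None:
        return ["no Strict-Transport-Security header: the first http:// request is never upgraded"]
    findings: List[str] = []
    if not over_https:
        findings.append("HSTS received over plain HTTP is ignored by browsers")
    d = parse_hsts(header)
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or not an integer: browsers ignore the header")
        return findings
    age = int(max_age)
    if age == 0:
        findings.append("max-age=0 deletes the policy (HSTS disabled)")
    elif age < ONE_YEAR:
        findings.append(f"max-age={age} is shorter than one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains (and cookies scoped to them) stay reachable over HTTP")
    if "preload" in d and (age < ONE_YEAR or "includesubdomains" not in d):
        findings.append("preload present but its requirements (max-age >= 1 year, includeSubDomains) are not met")
    return findings


if __name__ == "__main__":
    for sample in ("max-age=31536000; includeSubDomains; preload", "max-age=300", "max-age=0", None):
        print(repr(sample), "->", review_hsts(sample) or "ok")
```

Run it against the header from an HTTPS response (curl -sI https://target/ | grep -i strict-transport-security); a header that is only present on some paths, or only on the www host and not the apex, is the same finding as a missing one for the pages that lack it.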
Client-Side Testing

WSTG-CLNT-01 Testing for DOM-Based Cross Site Scripting
  Objective: Identify DOM sinks. Build payloads that pertain to every sink type.
  Tools: Burp Proxy, DOMinator
  OWASP Top 10: A3
  CWE: CWE-79

WSTG-CLNT-02 Testing for JavaScript Execution
  Objective: Identify sinks and possible JavaScript injection points.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A3
  CWE: CWE-79

WSTG-CLNT-03 Testing for HTML Injection
  Objective: Identify HTML injection points and assess the severity of the injected content.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A3
  CWE: CWE-80

WSTG-CLNT-04 Testing for Client-side URL Redirect
  Objective: Identify injection points that handle URLs or paths.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-601

WSTG-CLNT-05 Testing for CSS Injection
  Objective: Identify CSS injection points.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A3
  CWE: CWE-20

WSTG-CLNT-06 Testing for Client-side Resource Manipulation
  Objective: Identify sinks with weak input validation.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A3
  CWE: CWE-20

WSTG-CLNT-07 Testing Cross Origin Resource Sharing
  Objective: Ensure that the CORS configuration is secure or harmless.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A5
  CWE: CWE-942

WSTG-CLNT-08 Testing for Cross Site Flashing
  Objective: Decompile and analyze the application's code. Assess sinks, inputs and unsafe method usages.
  Tools: OWASP SWFIntruder, Decompiler - Flare, Disassembler - Flasm, Swfmill (convert SWF to XML and vice versa)
  OWASP Top 10: A3
  CWE: CWE-79

WSTG-CLNT-09 Testing for Clickjacking
  Objective: Assess how strict the security measures are and whether they are bypassable.
  Tools: Burp Proxy, ClickjackingTool
  OWASP Top 10: A5
  CWE: CWE-1021

WSTG-CLNT-10 Testing WebSockets
  Objective: Assess the implementation by using the same tests as on normal HTTP channels.
  Tools: ZAP
  OWASP Top 10: A2

WSTG-CLNT-11 Testing Web Messaging
  Objective: Assess the security of the message's origin.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A5
  CWE: CWE-1020

WSTG-CLNT-12 Testing Browser Storage
  Objective: Determine whether the website is storing sensitive data in client-side storage.
  OWASP Top 10: A4
  CWE: CWE-312, CWE-313, CWE-315, CWE-922

WSTG-CLNT-13 Testing for Self DOM Based Cross Site Scripting
  OWASP Top 10: A3
  CWE: CWE-79

WSTG-CLNT-14 Testing for Reverse Tabnabbing
  Objective: Check for reverse tabnabbing, an attack which can be used to redirect users to phishing pages.
  OWASP Top 10: A3
  CWE: CWE-1022
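The CSP review (WSTG-CONF-12) and the clickjacking test (WSTG-CLNT-09) are answered by the same two response headers. The script below is an added example serving both tests; it is not code from the checklist, and the two policies it reviews are constructed. It parses the policy with the browser's rule that the first occurrence of a directive wins, knows which directives fall back to default-src and which do not, flags the source expressions that undo a policy (*, 'unsafe-inline', 'unsafe-eval', and scheme-wide data:/https: in script-src), and then decides whether a third-party origin can frame the page, applying the rule that frame-ancestors overrides X-Frame-Options when both are present.

```python
"""Review of Content-Security-Policy and framing protection
(WSTG-CONF-12 and WSTG-CLNT-09). Added example; the policies are constructed."""
from typing import Dict, List, Optional

WEAK_CSP = ("default-src * 'unsafe-inline' 'unsafe-eval'; "
            "script-src 'self' data: https:; object-src *")
STRICT_CSP = ("default-src 'none'; script-src 'self' 'nonce-r4nd0m'; style-src 'self'; "
              "img-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'")

# Directives that do NOT fall back to default-src when absent.
NO_FALLBACK = {"frame-ancestors", "base-uri", "form-action", "sandbox", "report-uri", "report-to"}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """{directive: [source expressions]}; a repeated directive keeps its first value."""
    result: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in result:
            result[tokens[0].lower()] = tokens[1:]
    return result


def effective(csp: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Sources that actually govern a directive, after default-src fallback."""
    if directive in csp:
        return csp[directive]
    return None if directive in NO_FALLBACK else csp.get("default-src")


def review_csp(policy: str) -> List[str]:
    csp = parse_csp(policy)
    findings: List[str] = []
    for directive in ("default-src", "script-src", "object-src", "base-uri"):
        sources = effective(csp, directive)
        if sources is None:
            findings.append(f"{directive} not restricted")
            continue
        for s in sources:
            sl = s.lower()
            if sl in ("*", "'unsafe-inline'", "'unsafe-eval'"):
                findings.append(f"{directive} allows {s}")
            elif sl in ("data:", "http:", "https:") and directive in ("script-src", "object-src"):
                findings.append(f"{directive} allows any {s} source")
    return findings


def framing_allowed(csp_header: Optional[str], x_frame_options: Optional[str]) -> bool:
    """True when an attacker-controlled origin could frame the page (clickjacking)."""
    if csp_header:
        ancestors = parse_csp(csp_header).get("frame-ancestors")
        if ancestors is not None:           # CSP frame-ancestors takes precedence
            return any(a.lower() in ("*", "http:", "https:") for a in ancestors)
    if x_frame_options:
        if x_frame_options.strip().upper() in ("DENY", "SAMEORIGIN"):
            return False
        return True                         # ALLOW-FROM and typos are ignored by browsers
    return True


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, "->", review_csp(policy) or "ok", "| framable:", framing_allowed(policy, None))
```

A policy that passes review_csp can still be bypassed through a JSONP endpoint or an open redirect on an allow-listed host, which is why tools such as Google's CSP Evaluator also check the hosts themselves; this script is the structural first pass, not the last word.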

Input Validation Testing

WSTG-INPV-01 Testing for Reflected Cross Site Scripting
  Objective: Identify variables that are reflected in responses. Assess the input they accept and the encoding that gets applied on return (if any).
  Tools: PCE, Hackvertor, Burp Proxy
  OWASP Top 10: A3
  CWE: CWE-79

WSTG-INPV-02 Testing for Stored Cross Site Scripting
  Objective: Identify stored input that is reflected on the client side. Assess the input it accepts and the encoding that gets applied on return (if any).
  Tools: PCE, Hackvertor, BeEF, XSS-Proxy, Burp Proxy, OWASP WebGoat
  OWASP Top 10: A3
  CWE: CWE-79

WSTG-INPV-03 Testing for HTTP Verb Tampering
  Objective: Craft custom HTTP requests to test the other methods to bypass URL authentication and authorization.
  Tools: netcat
  OWASP Top 10: NA
  CWE: NA

WSTG-INPV-04 Testing for HTTP Parameter Pollution
  Objective: Identify the backend and the parsing method used. Assess injection points and try bypassing input filters using HPP.
  Tools: OWASP ZAP Passive/Active Scanner
  OWASP Top 10: A3
  CWE: CWE-235

WSTG-INPV-11 Testing for Code Injection (including Testing for File Inclusion)
  Objective: Identify injection points where you can inject code into the application.
  Tools: Burp Proxy, ZAP, Liffy, Panoptic, kadimus, LFI Suite
  OWASP Top 10: A3
  CWE: CWE-22, CWE-94, CWE-95, CWE-98, CWE-829

WSTG-INPV-12 Testing for Command Injection
  Objective: Identify and assess the command injection points.
  Tools: Commix
  OWASP Top 10: A3
  CWE: CWE-77, CWE-78

WSTG-INPV-13 Testing for Format String Injection
  Objective: Assess whether injecting format string conversion specifiers into user-controlled fields causes undesired behavior from the application.
  OWASP Top 10: A3
  CWE: CWE-134

WSTG-INPV-14 Testing for Incubated Vulnerability
  Objective: Identify injections that are stored and require a recall step to the stored injection.
  Tools: XSS-proxy, OWASP Zed Attack Proxy (ZAP), Burp Suite, Metasploit
  OWASP Top 10: A3
  CWE: CWE-79, CWE-434, CWE-1236
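Command injection (WSTG-INPV-12) exists wherever user input reaches a shell command line, and the tell-tale in a test is a shell separator producing a second command's output. The script below is an added example, not code from the checklist: it puts the vulnerable call, the shell-quoted stopgap and the hardened version side by side. The "lookup" only echoes the host so the demo runs anywhere with a POSIX /bin/sh (an assumption); in a real application the echo would be a tool such as nslookup, and the payload is constructed.

```python
"""Command injection (WSTG-INPV-12): vulnerable call, quoted stopgap and
hardened version. Added example; assumes a POSIX shell at /bin/sh."""
import re
import shlex
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

# Constructed attacker input: a command separator followed by a second command.
PAYLOAD = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """User input interpolated into a shell command line: ; | & $() and backticks all take effect."""
    proc = subprocess.run(f"echo resolving {host}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def lookup_quoted(host: str) -> str:
    """Stopgap when a shell is unavoidable: shlex.quote makes the value one word,
    so the separator is printed rather than executed."""
    proc = subprocess.run(f"echo resolving {shlex.quote(host)}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def lookup_hardened(host: str) -> str:
    """Preferred fix: allow-list validation, then the value travels as its own
    argv element and no shell is involved at all."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    proc = subprocess.run(["echo", "resolving", host], capture_output=True, text=True)
    return proc.stdout


def is_rejected(host: str) -> bool:
    """True when the hardened version refuses the input."""
    try:
        lookup_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", repr(lookup_vulnerable(PAYLOAD)))
    print("quoted    :", repr(lookup_quoted(PAYLOAD)))
    print("hardened  :", "rejected" if is_rejected(PAYLOAD) else lookup_hardened(PAYLOAD))
```

The order of the three functions is the order of preference in reverse: quoting alone still leaves the shell in the path (and argument-level injection such as a leading "-" option is unaffected by it), which is why the allow-list plus argv form is the fix to recommend, with Commix used to confirm the finding rather than to prove the absence of one.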
WSTG-INPV-05 Testing for SQL Injection
  Objective: Identify SQL injection points. Assess the severity of the injection and the level of access that can be achieved through it.
  Tools: Fuzzdb; sqlbftools (Reversing.org); sqlmap, automatic SQL injection tool (Bernardo Damele A. G.); MySqloit, MySQL injection takeover tool (Muhaimin Dzulfakar); Multiple DBMS SQL Injection tool (Francois Larouche)
  OWASP Top 10: A3
  CWE: CWE-89
  Database-specific tests and tools:
    Testing for Oracle: Orascan, NGS SQuirreL
    Testing for MySQL: sqlmap, MySqloit
    Testing for SQL Server: sqlmap
    Testing PostgreSQL: sqlmap
    Testing for MS Access: sqlmap
    Testing for NoSQL Injection: NoSQLMap
    Testing for ORM Injection: sqlmap
    Testing for Client-side: sqlmap

WSTG-INPV-06 Testing for LDAP Injection
  Objective: Identify LDAP injection points. Assess the severity of the injection.
  Tools: Softerra LDAP Browser
  OWASP Top 10: A3
  CWE: CWE-90

WSTG-INPV-07 Testing for XML Injection
  Objective: Identify XML injection points. Assess the types of exploits that can be attained and their severities.
  Tools: XML Injection Fuzz Strings (from the wfuzz tool)
  CWE: CWE-91, CWE-611, CWE-652

WSTG-INPV-08 Testing for SSI Injection
  Objective: Identify SSI injection points. Assess the severity of the injection.
  Tools: Web proxy (Burp Suite), OWASP ZAP, string searcher (grep)
  OWASP Top 10: A3
  CWE: CWE-97

WSTG-INPV-09 Testing for XPath Injection
  Objective: Identify XPath injection points.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A3
  CWE: CWE-643

WSTG-INPV-10 Testing for IMAP SMTP Injection
  Objective: Identify IMAP/SMTP injection points. Understand the data flow and deployment structure of the system. Assess the injection impacts.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A3
  CWE: CWE-147

WSTG-INPV-15 Testing for HTTP Splitting Smuggling
  Objective: Assess whether the application is vulnerable to splitting, identifying what possible attacks are achievable.
  Tools: netcat
  OWASP Top 10: A3
  CWE: CWE-93, CWE-113, CWE-444

WSTG-INPV-16 Testing for HTTP Incoming Requests
  Objective: Monitor all incoming and outgoing HTTP requests to the web server to inspect any suspicious requests.
  Tools: Fiddler, TCPProxy, Charles Web Debugging Proxy, Wireshark, PowerEdit-Pcap, pcapteller, replayproxy, Ostinato
  OWASP Top 10: NA
  CWE: NA

WSTG-INPV-17 Testing for Host Header Injection
  Objective: Assess whether the Host header is being parsed dynamically in the application. Bypass security controls that rely on the header.
  Tools: Burp Suite, OWASP ZAP
  OWASP Top 10: A5
  CWE: CWE-74, CWE-116

WSTG-INPV-18 Testing for Server-side Template Injection
  Objective: Detect template injection vulnerability points. Identify the templating engine.
  Tools: Tplmap, Backslash Powered Scanner (Burp Suite extension), template expression test strings / payload lists
  OWASP Top 10: A4
  CWE: CWE-1336

WSTG-INPV-19 Testing for Server-Side Request Forgery
  Objective: Identify SSRF injection points. Test whether the injection points are exploitable.
  Tools: ZAP
  OWASP Top 10: A10
  CWE: CWE-918

WSTG-INPV-20 Testing for Mass Assignment
  Objective: Identify requests that modify objects. Assess whether it is possible to modify fields never intended to be modified from outside.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-915
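For WSTG-INPV-05 the severity question ("the level of access that can be achieved") is usually answered by moving from an authentication bypass to a UNION-based read of other columns or tables. The script below is an added example, not code from the checklist: it runs both attacks against a string-built query and shows the same inputs doing nothing against the parameterized form. The users table is an in-memory SQLite database constructed for the demo; the DB-API placeholder pattern is the same for any driver, only the placeholder style differs.

```python
"""SQL injection (WSTG-INPV-05): string-built queries beside parameterized ones,
against a constructed in-memory SQLite table. Added example."""
import sqlite3
from typing import List, Tuple

Row = Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "alice-pw", "admin"), ("bob", "bob-pw", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[Row]:
    """User input is concatenated into the SQL text: quotes and comments rewrite the query."""
    sql = ("SELECT id, username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> List[Row]:
    """Input is bound as parameters: the SQL text is fixed, so data stays data."""
    sql = "SELECT id, username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def search_vulnerable(conn: sqlite3.Connection, needle: str) -> List[Row]:
    """A LIKE search built by concatenation: a UNION pulls other columns out."""
    sql = f"SELECT username, role FROM users WHERE username LIKE '%{needle}%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn: sqlite3.Connection, needle: str) -> List[Row]:
    """The wildcard is added to the bound value, never to the SQL text."""
    sql = "SELECT username, role FROM users WHERE username LIKE ?"
    return conn.execute(sql, (f"%{needle}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("comment bypass :", login_vulnerable(db, "alice' --", "wrong"))
    print("tautology      :", login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))
    print("union leak     :", search_vulnerable(db, "zzz%' UNION SELECT username, password FROM users --"))
    print("parameterized  :", login_parameterized(db, "alice' --", "wrong"),
          search_parameterized(db, "zzz%' UNION SELECT username, password FROM users --"))
```

The tautology payload returns every row because AND binds tighter than OR, which is also why a single quote that produces a database error is the first signal to look for: the error proves the quote reached the parser. sqlmap automates the column-count and type matching that the hand-written UNION above assumes.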

Identity Management Testing

WSTG-IDNT-01 Test Role Definitions
  Objective: Identify and document roles used by the application. Attempt to switch, change, or access another role.
  Tools: Burp's Autorize extension, ZAP's Access Control Testing add-on
  OWASP Top 10: A4
  CWE: CWE-266, CWE-269

WSTG-IDNT-02 Test User Registration Process
  Objective: Verify that the identity requirements for user registration are aligned with business and security requirements. Validate the registration process.
  Tools: HTTP proxy tools
  OWASP Top 10: A4
  CWE: CWE-419

WSTG-IDNT-03 Test Account Provisioning Process
  Objective: Verify which accounts may provision other accounts and of what type.
  Tools: HTTP proxy tools
  OWASP Top 10: A4
  CWE: CWE-269, CWE-280

WSTG-IDNT-04 Testing for Account Enumeration and Guessable User Account
  Objective: Review processes that pertain to user identification (e.g. registration, login, etc.). Enumerate users where possible through response analysis.
  Tools: OWASP Zed Attack Proxy (ZAP), curl, Perl
  OWASP Top 10: A7
  CWE: CWE-204

WSTG-IDNT-05 Testing for Weak or Unenforced Username Policy
  Objective: Determine whether a consistent account name structure renders the application vulnerable to account enumeration.
  Tools: Browser, Burp Proxy, ZAP
  OWASP Top 10: A7
  CWE: CWE-204

Authorization Testing

WSTG-ATHZ-01 Testing Directory Traversal File Include
  Objective: Identify injection points that pertain to path traversal. Assess bypassing techniques and identify the extent of path traversal.
  Tools: DotDotPwn, Path Traversal Fuzz Strings, OWASP ZAP, Burp Suite, encoding/decoding tools, string searcher (grep), DirBuster
  OWASP Top 10: A1
  CWE: CWE-22, CWE-23, CWE-35, CWE-829

WSTG-ATHZ-02 Testing for Bypassing Authorization Schema
  Objective: Assess whether horizontal or vertical access is possible.
  Tools: ZAP add-on: Access Control Testing; Burp extension: AuthMatrix; Burp extension: Autorize; PortSwigger Burp Suite
  OWASP Top 10: A1
  CWE: CWE-285, CWE-732, CWE-862, CWE-863

WSTG-ATHZ-03 Testing for Privilege Escalation
  Objective: Identify injection points related to privilege manipulation. Fuzz or otherwise attempt to bypass security measures.
  Tools: OWASP Zed Attack Proxy (ZAP)
  OWASP Top 10: A1
  CWE: CWE-269, CWE-639

WSTG-ATHZ-04 Testing for Insecure Direct Object References
  Objective: Identify points where object references may occur. Assess the access control measures and whether they are vulnerable to IDOR.
  Tools: Burp Proxy (Autorize), ZAP
  OWASP Top 10: A1
  CWE: CWE-639

WSTG-ATHZ-05 Testing for OAuth Weaknesses
  Objective: Determine whether the OAuth2 implementation is vulnerable or is using a deprecated or custom implementation.
  Tools: Burp Suite, EsPReSSO, OWASP ZAP
  OWASP Top 10: A1
  CWE: CWE-290, CWE-345, CWE-798

WSTG-ATHZ-NA Testing for OAuth Client Weaknesses
  Objective: Identify weaknesses in the OAuth client.
  Tools: Burp Suite, EsPReSSO, OWASP ZAP
  OWASP Top 10: A1
  CWE: NA

WSTG-ATHZ-NA Testing for OAuth Authorization Server Weaknesses
  Objective: Identify weaknesses in the authorization server.
  Tools: Burp Suite, EsPReSSO, OWASP ZAP
  OWASP Top 10: A1
  CWE: NA
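The "bypassing techniques" that WSTG-ATHZ-01 asks you to assess are the encodings and indirections that a naive path check misses: a URL-encoded or double-encoded slash, an absolute path, a NUL byte that truncates an extension check, and a symlink inside the web root pointing outside it. The script below is an added example, not code from the checklist: a file-serving routine in its vulnerable form beside a hardened one that decodes until stable, rejects NUL and absolute paths, resolves symlinks and then checks containment on the real paths. build_demo() creates a throwaway directory tree with constructed files so every case runs offline (assumption: a POSIX filesystem that permits symlinks).

```python
"""Path traversal (WSTG-ATHZ-01): a file-serving routine before and after
canonicalization, exercised against a constructed directory tree. Added example."""
import os
import tempfile
import urllib.parse
from pathlib import Path
from typing import Tuple


def serve_vulnerable(base: str, requested: str) -> bytes:
    """Decodes once and joins: '..' segments, an encoded slash, an absolute path
    and a symlink all read outside the base directory."""
    path = os.path.join(base, urllib.parse.unquote(requested))
    with open(path, "rb") as f:
        return f.read()


def serve_hardened(base: str, requested: str) -> bytes:
    """Decode until stable (double encoding), reject NUL and absolute paths,
    resolve symlinks, and require the real target to sit under the real base."""
    decoded = requested
    for _ in range(3):
        nxt = urllib.parse.unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded or decoded.startswith(("/", "\\")):
        raise PermissionError("rejected")
    real_base = Path(base).resolve()
    target = (real_base / decoded).resolve()      # follows symlinks, collapses '..'
    if target != real_base and real_base not in target.parents:
        raise PermissionError("outside base")
    return target.read_bytes()


def is_denied(base: str, requested: str) -> bool:
    """True when the hardened routine refuses the request."""
    try:
        serve_hardened(base, requested)
    except PermissionError:
        return True
    return False


def build_demo() -> Tuple[str, str]:
    """Constructed tree: <root>/public is the web root, <root>/secret.txt is outside it,
    and <root>/public/link is a symlink to the secret."""
    root = tempfile.mkdtemp(prefix="wstg-")
    public = os.path.join(root, "public")
    os.makedirs(public)
    Path(public, "index.html").write_bytes(b"hello")
    Path(root, "secret.txt").write_bytes(b"TOPSECRET")
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(public, "link"))
    return root, public


if __name__ == "__main__":
    root, public = build_demo()
    for req in ("index.html", "../secret.txt", "..%2Fsecret.txt", "..%252Fsecret.txt", "link"):
        try:
            vuln = serve_vulnerable(public, req)
        except OSError:
            vuln = b"<error>"
        print(f"{req:20} vulnerable={vuln!r:14} hardened_denied={is_denied(public, req)}")
```

The single-decode case ("..%2F") and the double-encoded case ("..%252F") fail differently in the vulnerable routine: the first succeeds outright, the second only works if some other layer (a front-end proxy, a framework) decodes once more before the file is opened, which is exactly what the fuzz strings from DotDotPwn and the Path Traversal Fuzz Strings list are enumerating.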
Error Handling

WSTG-ERRH-01 Testing for Improper Error Handling
  Objective: Identify existing error output. Analyze the different output returned.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A5
  CWE: CWE-209, CWE-210, CWE-431, CWE-497, CWE-544, CWE-550, CWE-728

WSTG-ERRH-02 Testing for Stack Traces
  Objective: Analyze the different output returned.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: NA
  CWE: NA

Testing for Weak Cryptography

WSTG-CRYP-01 Testing for Weak Transport Layer Security
  Objective: Review the digital certificate's cryptographic strength and validity. Ensure that the TLS security is not bypassable and is properly implemented across the application.
  Tools: Nmap (various scripts), OWASP O-Saft, sslscan, sslyze, SSL Labs, testssl.sh
  OWASP Top 10: A2
  CWE: CWE-295, CWE-296, CWE-297, CWE-298, CWE-310, CWE-319, CWE-326, CWE-327, CWE-757

WSTG-CRYP-02 Testing for Padding Oracle
  Objective: Identify encrypted messages that rely on padding. Attempt to break the padding of the encrypted messages and analyze the returned error messages for further analysis.
  Tools: Bletchley, PadBuster, Padding Oracle Exploitation Tool (POET), Poracle, python-paddingoracle
  OWASP Top 10: A2
  CWE: CWE-649

WSTG-CRYP-03 Testing for Sensitive Information Sent via Unencrypted Channels
  Objective: Identify sensitive information transmitted through the various channels. Assess the privacy and security of the channels used.
  Tools: curl, grep, Wireshark, tcpdump
  OWASP Top 10: A2, A7
  CWE: CWE-311, CWE-319, CWE-523

WSTG-CRYP-04 Testing for Weak Encryption
  Objective: Provide a guideline for the identification of weak encryption or hashing uses and implementations.
  Tools: Vulnerability scanners (Nessus, Nmap scripts), static code analysis tools (Fortify, Klocwork)
  OWASP Top 10: A2
  CWE: CWE-261, CWE-320, CWE-321, CWE-322, CWE-323, CWE-324, CWE-325, CWE-326, CWE-327, CWE-328, CWE-329, CWE-330, CWE-331, CWE-335, CWE-336, CWE-337, CWE-338, CWE-340, CWE-347, CWE-354, CWE-759, CWE-760, CWE-780, CWE-798, CWE-916

Business Logic Testing

WSTG-BUSL-01 Test Business Logic Data Validation
  Objective: Validate that all checks are occurring on the back end and can't be bypassed.
  Tools: ZAP, Burp Suite
  OWASP Top 10: A4
  CWE: CWE-840

WSTG-BUSL-02 Test Ability to Forge Requests
  Objective: Review the project documentation looking for guessable, predictable, or hidden functionality of fields.
  Tools: ZAP, Burp Suite
  OWASP Top 10: A4
  CWE: CWE-840

WSTG-BUSL-03 Test Integrity Checks
  Objective: Determine what type of data is logically acceptable by the component and what types the system should guard against.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-472, CWE-840

WSTG-BUSL-04 Test for Process Timing
  Objective: Review the project documentation for system functionality that may be impacted by time.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-362, CWE-840

WSTG-BUSL-05 Test Number of Times a Function Can Be Used Limits
  Objective: Assess whether there is a logical limit set on the functions and whether it is properly validated.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-799

WSTG-BUSL-06 Testing for the Circumvention of Work Flows
  Objective: Review the project documentation for methods to skip or go through steps in the application process in a different order from the intended business logic flow.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-841

WSTG-BUSL-07 Test Defenses Against Application Misuse
  Objective: Understand the defenses in place and verify whether they are enough to protect the system against bypassing techniques.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-693

WSTG-BUSL-08 Test Upload of Unexpected File Types
  Objective: Verify that file batch uploads are secure and do not allow any bypass against the set security measures.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4
  CWE: CWE-434, CWE-602

WSTG-BUSL-09 Test Upload of Malicious Files
  Objective: Review the project documentation to identify what file types are considered acceptable, and what types would be considered dangerous or malicious. If documentation is not available then consider what would be appropriate based on the purpose of the application.
  Tools: Metasploit's payload generation functionality, intercepting proxy
  OWASP Top 10: A4
  CWE: CWE-434

WSTG-BUSL-10 Test Payment Functionality
  Objective: Determine whether the business logic for the e-commerce functionality is robust.
  Tools: Burp Proxy, ZAP
  OWASP Top 10: A4, A7
  CWE: CWE-472, CWE-602, CWE-807

API Testing

WSTG-APIT-01 Testing GraphQL
  Objective: Assess that a secure and production-ready configuration is deployed.
  Tools: GraphQL Playground, GraphQL Voyager, sqlmap, InQL (Burp extension), GraphQL Raider (Burp extension), GraphQL add-on for OWASP ZAP
  OWASP Top 10: A3
  CWE: CWE-1347
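The two upload tests (WSTG-BUSL-08 and BUSL-09) are, from the defender's side, one rule: decide what a file is from its content, not from the name or Content-Type the client chose, and never store it under a name the client chose. The script below is an added example, not code from the checklist; it shows the checks a reviewer expects to see behind an image/PDF upload endpoint and the bypasses from the test (double extension, NUL byte in the name, a valid JPEG header with a PHP payload behind it) being caught. The signature table, the allow-list, the size limit and the sample payloads are constructed assumptions.

```python
"""File upload checks (WSTG-BUSL-08 / BUSL-09): validate by content, store
under a server-generated name. Added example; tables and samples are constructed."""
import uuid
from typing import Dict, List, Optional, Tuple

MAGIC: Dict[str, Tuple[bytes, ...]] = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
ALLOWED = set(MAGIC)                 # assumption: an image/PDF upload endpoint
EXECUTABLE_EXT = {"php", "phtml", "php5", "jsp", "jspx", "asp", "aspx", "cgi",
                  "sh", "exe", "svg", "html", "htm"}
MAX_BYTES = 5 * 1024 * 1024          # assumption

# Constructed samples.
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPG_WITH_PHP = b"\xff\xd8\xff\xe0" + b"<?php system($_GET['c']); ?>"
WEBSHELL = b"<?php system($_GET['c']); ?>"


def sniff(data: bytes) -> Optional[str]:
    """Type from the leading bytes, ignoring whatever the client claimed."""
    for kind, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None


def validate_upload(filename: str, data: bytes) -> List[str]:
    """Findings for one upload; an empty list means it may be accepted."""
    findings: List[str] = []
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]      # drop any client path
    if "\x00" in name:
        findings.append("NUL byte in filename (extension-check truncation trick)")
        name = name.split("\x00", 1)[0]
    exts = name.lower().split(".")[1:]
    if any(e in EXECUTABLE_EXT for e in exts):                  # catches name.php.jpg too
        findings.append("server-executable extension present in the name: " + ".".join(exts))
    declared = exts[-1] if exts else ""
    declared = "jpg" if declared == "jpeg" else declared
    if declared not in ALLOWED:
        findings.append(f"extension '.{declared or '(none)'}' is not on the allow-list")
    kind = sniff(data)
    if kind is None:
        findings.append("content matches no allowed type signature")
    elif kind != declared:
        findings.append(f"content is {kind} but the extension says {declared or '(none)'}")
    if b"<?php" in data or b"<script" in data.lower():
        findings.append("script/PHP tag embedded in the content")
    if len(data) > MAX_BYTES:
        findings.append("exceeds size limit")
    return findings


def storage_name(data: bytes) -> str:
    """Name to store under: server-generated, extension taken from the sniffed type."""
    kind = sniff(data)
    if kind is None:
        raise ValueError("unsupported content")
    return f"{uuid.uuid4().hex}.{kind}"


if __name__ == "__main__":
    for fname, blob in (("photo.png", PNG_OK), ("shell.php", WEBSHELL),
                        ("avatar.php.jpg", JPG_WITH_PHP), ("x.php\x00.png", PNG_OK)):
        print(repr(fname), "->", validate_upload(fname, blob) or "accepted")
```

Even with these checks, the stored file should live outside the web root and be served with a fixed Content-Type and Content-Disposition: attachment, because a polyglot that passes the signature check is still harmless if nothing will ever execute or render it in the origin's context.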
