{% embed url="https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf" %}
- Run through this guideline EVERY time you test a web application
- Starts on page 27
- Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001) -- Page 28
- Fingerprint Web Server (OTG-INFO-002) -- Page 29
- Review Webserver Metafiles for Information Leakage (OTG-INFO-003) -- Page 32
- Enumerate Applications on Webserver (OTG-INFO-004) -- Page 34
- Review webpage comments and metadata for information leakage (OTG-INFO-005) -- Page 37
- Identify application entry points (OTG-INFO-006) -- Page 38
- Map execution paths through application (OTG-INFO-007) -- Page 40
- Fingerprint Web Application Framework (OTG-INFO-008) -- Page 41
- Fingerprint Web Application (OTG-INFO-009) -- Page 44
- Map Application Architecture (OTG-INFO-010) -- Page 47
Also, corrospond your testing to this checklist!
{% embed url="https://github.com/tanprathan/OWASP-Testing-Checklist" %} Repo {% endembed %}
Why is a checklist important?
- Very useful when you are using mental methodology
- It helps to go through your general methodology first
- Then, go back through the checklist and try what you did not!