0.FRAMEWORK.md

Pentest web framework

Mapping Between PortSwigger Web Security Academy and OWASP WSTG

| Category | Security Measures (PortSwigger Web Security Academy) | Corresponding OWASP WSTG Chapters |
| --- | --- | --- |
| 1. Information Gathering | - Techniques for gathering information about the target application. | - WSTG-INFO (Information Gathering) |
| 2. Configuration and Deployment Management Testing | - Testing for misconfigurations and deployment issues. | - WSTG-CONF (Configuration Testing) |
| 3. Identity Management Testing | - Testing authentication mechanisms and session management. | - WSTG-ATHN (Authentication Testing)<br>- WSTG-SESS (Session Management Testing) |
| 4. Authentication Testing | - Testing for authentication vulnerabilities. | - WSTG-ATHN (Authentication Testing) |
| 5. Authorization Testing | - Testing for authorization vulnerabilities. | - WSTG-ATHZ (Authorization Testing) |
| 6. Session Management Testing | - Testing for session management vulnerabilities. | - WSTG-SESS (Session Management Testing) |
| 7. Input Validation Testing | - Testing for input validation vulnerabilities. | - WSTG-INPV (Input Validation Testing) |
| 8. Error Handling Testing | - Testing for error handling vulnerabilities. | - WSTG-EROR (Error Handling Testing) |
| 9. Cryptographic Storage Testing | - Testing for cryptographic storage vulnerabilities. | - WSTG-CRYP (Cryptography Testing) |
| 10. Communications Security Testing | - Testing for communications security vulnerabilities. | - WSTG-COMM (Communications Testing) |
| 11. Business Logic Testing | - Testing for business logic vulnerabilities. | - WSTG-BUSL (Business Logic Testing) |
| 12. Client-Side Testing | - Testing for client-side vulnerabilities. | - WSTG-CLNT (Client-Side Testing) |
| 13. API Testing | - Testing for API vulnerabilities. | - WSTG-APIT (API Testing) |