# OWASP Web Security Testing Guide (WSTG)
# Acronyms, Abbreviations, and Initialisms
# Overview
The Web Security Testing Guide (WSTG) is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.
# Testing Methods
- Information Gathering
- Configuration and Deployment Management Testing
- Identity Management Testing
- Authentication Testing
- Authorization Testing
- Session Management Testing
- Input Validation Testing
- Testing for Error Handling
- Testing for Weak Cryptography
- Business Logic Testing
- Client-side Testing
- API Testing
# Noteworthy
- The OWASP WSTG contains 12 methods of testing.
- The OWASP WSTG provides guidance for testing web applications and web services.
# Sources
- https://owasp.org/www-project-web-security-testing-guide
- https://github.com/OWASP/wstg/releases/download/v4.2/wstg-v4.2.pdf