The document outlines a guide for updating the OWASP Testing Guide that includes adding new testing scenarios and objectives, updating existing sections, standardizing terminology and references, improving documentation, and performing general repository housekeeping tasks. It is based on contributions from over 120 pull requests and input from planning documents and discussions.
The document outlines a guide for updating the OWASP Testing Guide that includes adding new testing scenarios and objectives, updating existing sections, standardizing terminology and references, improving documentation, and performing general repository housekeeping tasks. It is based on contributions from over 120 pull requests and input from planning documents and discussions.
The document outlines a guide for updating the OWASP Testing Guide that includes adding new testing scenarios and objectives, updating existing sections, standardizing terminology and references, improving documentation, and performing general repository housekeeping tasks. It is based on contributions from over 120 pull requests and input from planning documents and discussions.
- Add GraphQL API testing scenario and details (WSTG-APIT-01).
- Add Test Objectives to all scenarios. - Add Testing for HTTP Method Overriding (WSTG-CONF-06). - Add to Review Webpage Content for Information Leakage (WSTG-INFO-05). - Add Testing for Session Hijacking (WSTG-SESS-09). - Add to Testing for Bypassing Authorization Schema (WSTG-ATHZ-02). - Add to Testing for Local File Inclusion (WSTG-INPV-11.1). - Add Appendix F: Leveraging Dev Tools. - Add Testing for Server-Side Request Forgery (WSTG-INPV-19). - Add to Testing for Weak Lock Out Mechanism (WSTG-ATHN-03). - Merge section Fingerprint Web Application (WSTG-INFO-09) into Fingerprint Web Application Framework (WSTG-INFO-08). - Merge section Testing for HTTP Verb Tampering (WSTG-INPV-03) into Test HTTP Methods (WSTG-CONF-06). - Merge section Testing for Stack Traces (WSTG-ERRH-02) into Testing for Improper Error Handling (WSTG-ERRH-01). - Update Frontispiece (Chapter 1). - Update Introduction (Chapter 2). - Update Test HTTP Strict Transport Security (WSTG-CONF-07). - Update Review Webserver Metafiles for Information Leakage (WSTG-INFO-03). - Update Penetration Testing Methodologies (Chapter 3.8). - Update Test HTTP Methods (WSTG-CONF-06). - Update Test Upload of Malicious Files (WSTG-BUSL-09). - Update Testing for Weak Encryption (WSTG-CRYP-04). - Update Testing for SSI Injection (WSTG-INPV-08). - Update Testing for Format String Injection (WSTG-INPV-13). - Update DOM-Based Cross Site Scripting to include sources, sinks, and their corresponding references (WSTG-CLNT-01). - Remove Testing for Buffer Overflow (WSTG-INPV-13). - Rewrite Fuzz Vectors (Appendix C). - Rewrite Testing for Weak Transport Layer Security (WSTG-CRYP-01). - Rewrite Role Definitions (WSTG-IDNT-01). - Rewrite Weak Lockout (WSTG-ATHN-03). - Rewrite Testing for Credentials Transported over an Encrypted Channel (WSTG- ATHN-01). - Rewrite Session Fixation Testing (WSTG-SESS-03). - Rewrite Testing for Improper Error Handling (WSTG-ERRH-01). - Rewrite Reporting section. - Update Test for Process Timing (WSTG-BUSL-04). - Update Contributor Guide, Style Guide, and Content Templates. - Standardize HTTP request/response examples. - Establish consistent terminology. - Change MiTM terminology to manipulator-in-the-middle, aligning with other industry projects such as ZAP. - Add reference and linking details. - Update references and links for tools, remove links and references for seemingly un-maintained tools. - Revise CIS-CAT and Wappalyzer references. - Add OWASP trademark registration. - Repository housekeeping: - Add Codespaces support. - Establish GitLocalize (https://gitlocalize.com/repo/5220) as a facility through which the project will accept translations. - Add terminology linting. - Add "Sponsor" details. - Automate creation of JSON "checklist". - Add action to refresh stale issues. - Add README and documentation for GitHub Action workflows. - Add manual triggers to various workflows (such as PDF generation). - For future use: - Establish a layout plan for v5. - Establish release plans and milestones/projects for 4.2, 4.3, and 5.0. - Based on: - ~120 Pull Requests. - 2 Google docs for planning and data collection. - Innumerable Slack discussions.