Status values: Not Started, Ongoing, Completed, Not Applicable. Outcome values: Pass, Fail, Not Applicable.

| Category | Ref. Number | Test ID | Test Name | Status | Risk | Link to Evidence | Outcome | Notes |
|---|---|---|---|---|---|---|---|---|
| Info Gathering | 4.2.1 | OTG-INFO-001 | Conduct Search Engine Discovery and Reconnaissance for Information Leakage | Not Started | | | | |
| | 4.2.2 | OTG-INFO-002 | Fingerprint Web Server | Not Started | | | | |
| | 4.2.3 | OTG-INFO-003 | Review Webserver Metafiles for Information Leakage | Not Started | | | | |
| | 4.2.4 | OTG-INFO-004 | Enumerate Applications on Webserver | Not Started | | | | |
| | 4.2.5 | OTG-INFO-005 | Review Webpage Comments and Metadata for Information Leakage | Not Started | | | | |
| | 4.2.6 | OTG-INFO-006 | Identify application entry points | Not Started | | | | |
| | 4.2.7 | OTG-INFO-007 | Map execution paths through application | Not Started | | | | |
| | 4.2.8 | OTG-INFO-008 | Fingerprint Web Application Framework | Not Started | | | | |
| | 4.2.9 | OTG-INFO-009 | Fingerprint Web Application | Not Started | | | | |
| | 4.2.10 | OTG-INFO-010 | Map Application Architecture | Not Started | | | | |
| Configuration and Deploy Management Testing | 4.3.1 | OTG-CONFIG-001 | Test Network/Infrastructure Configuration | Not Started | | | | |
| | 4.3.2 | OTG-CONFIG-002 | Test Application Platform Configuration | Not Started | | | | |
| | 4.3.3 | OTG-CONFIG-003 | Test File Extensions Handling for Sensitive Information | Not Started | | | | |
| | 4.3.4 | OTG-CONFIG-004 | Backup and Unreferenced Files for Sensitive Information | Not Started | | | | |
| | 4.3.5 | OTG-CONFIG-005 | Enumerate Infrastructure and Application Admin Interfaces | Not Started | | | | |
| | 4.3.6 | OTG-CONFIG-006 | Test HTTP Methods | Not Started | | | | |
| | 4.3.7 | OTG-CONFIG-007 | Test HTTP Strict Transport Security | Not Started | | | | |
| | 4.3.8 | OTG-CONFIG-008 | Test RIA cross domain policy | Not Started | | | | |
| Identity Management Testing | 4.4.1 | OTG-IDENT-001 | Test Role Definitions | Not Started | | | | |
| | 4.4.2 | OTG-IDENT-002 | Test User Registration Process | Not Started | | | | |
| | 4.4.3 | OTG-IDENT-003 | Test Account Provisioning Process | Not Started | | | | |
| | 4.4.4 | OTG-IDENT-004 | Testing for Account Enumeration and Guessable User Account | Not Started | | | | |
| | 4.4.5 | OTG-IDENT-005 | Testing for Weak or unenforced username policy | Not Started | | | | |
| | 4.4.6 | OTG-IDENT-006 | Test Permissions of Guest/Training Accounts | Not Started | | | | |
| | 4.4.7 | OTG-IDENT-007 | Test Account Suspension/Resumption Process | Not Started | | | | |
| Authentication Testing | 4.5.1 | OTG-AUTHN-001 | Testing for Credentials Transported over an Encrypted Channel | Not Started | | | | |
| | 4.5.2 | OTG-AUTHN-002 | Testing for default credentials | Not Started | | | | |
| | 4.5.3 | OTG-AUTHN-003 | Testing for Weak lock out mechanism | Not Started | | | | |
| | 4.5.4 | OTG-AUTHN-004 | Testing for bypassing authentication schema | Not Started | | | | |
| | 4.5.5 | OTG-AUTHN-005 | Test remember password functionality | Not Started | | | | |
| | 4.5.6 | OTG-AUTHN-006 | Testing for Browser cache weakness | Not Started | | | | |
| | 4.5.7 | OTG-AUTHN-007 | Testing for Weak password policy | Not Started | | | | |
| | 4.5.8 | OTG-AUTHN-008 | Testing for Weak security question/answer | Not Started | | | | |
| | 4.5.9 | OTG-AUTHN-009 | Testing for weak password change or reset functionalities | Not Started | | | | |
| | 4.5.10 | OTG-AUTHN-010 | Testing for Weaker authentication in alternative channel | Not Started | | | | |
| Authorization Testing | 4.6.1 | OTG-AUTHZ-001 | Testing Directory traversal/file include | Not Started | | | | |
| | 4.6.2 | OTG-AUTHZ-002 | Testing for bypassing authorization schema | Not Started | | | | |
| | 4.6.3 | OTG-AUTHZ-003 | Testing for Privilege Escalation | Not Started | | | | |
| | 4.6.4 | OTG-AUTHZ-004 | Testing for Insecure Direct Object References | Not Started | | | | |
| Session Management Testing | 4.7.1 | OTG-SESS-001 | Testing for Bypassing Session Management Schema | Not Started | | | | |
| | 4.7.2 | OTG-SESS-002 | Testing for Cookies attributes | Not Started | | | | |
| | 4.7.3 | OTG-SESS-003 | Testing for Session Fixation | Not Started | | | | |
| | 4.7.4 | OTG-SESS-004 | Testing for Exposed Session Variables | Not Started | | | | |
| | 4.7.5 | OTG-SESS-005 | Testing for Cross Site Request Forgery | Not Started | | | | |
| | 4.7.6 | OTG-SESS-006 | Testing for logout functionality | Not Started | | | | |
| | 4.7.7 | OTG-SESS-007 | Test Session Timeout | Not Started | | | | |
| | 4.7.8 | OTG-SESS-008 | Testing for Session puzzling | Not Started | | | | |
| Data Validation Testing | 4.8.1 | OTG-INPVAL-001 | Testing for Reflected Cross Site Scripting | Not Started | | | | |
| | 4.8.2 | OTG-INPVAL-002 | Testing for Stored Cross Site Scripting | Not Started | | | | |
| | 4.8.3 | OTG-INPVAL-003 | Testing for HTTP Verb Tampering | Not Started | | | | |
| | 4.8.4 | OTG-INPVAL-004 | Testing for HTTP Parameter pollution | Not Started | | | | |
| | 4.8.5 | OTG-INPVAL-005 | Testing for SQL Injection | Not Started | | | | |
| | 4.8.5.1 | | Oracle Testing | Not Started | | | | |
| | 4.8.5.2 | | MySQL Testing | Not Started | | | | |
| | 4.8.5.3 | | SQL Server Testing | Not Started | | | | |
| | 4.8.5.4 | | Testing PostgreSQL | Not Started | | | | |
| | 4.8.5.5 | | MS Access Testing | Not Started | | | | |
| | 4.8.5.6 | | Testing for NoSQL injection | Not Started | | | | |
| | 4.8.6 | OTG-INPVAL-006 | Testing for LDAP Injection | Not Started | | | | |
| | 4.8.7 | OTG-INPVAL-007 | Testing for ORM Injection | Not Started | | | | |
| | 4.8.8 | OTG-INPVAL-008 | Testing for XML Injection | Not Started | | | | |
| | 4.8.9 | OTG-INPVAL-009 | Testing for SSI Injection | Not Started | | | | |
| | 4.8.10 | OTG-INPVAL-010 | Testing for XPath Injection | Not Started | | | | |
| | 4.8.11 | OTG-INPVAL-011 | IMAP/SMTP Injection | Not Started | | | | |
| | 4.8.12 | OTG-INPVAL-012 | Testing for Code Injection | Not Started | | | | |
| | 4.8.12.1 | | Testing for Local File Inclusion | Not Started | | | | |
| | 4.8.12.2 | | Testing for Remote File Inclusion | Not Started | | | | |
| | 4.8.13 | OTG-INPVAL-013 | Testing for Command Injection | Not Started | | | | |
| | 4.8.14 | OTG-INPVAL-014 | Testing for Buffer overflow | Not Started | | | | |
| | 4.8.14.1 | | Testing for Heap overflow | Not Started | | | | |
| | 4.8.14.2 | | Testing for Stack overflow | Not Started | | | | |
| | 4.8.14.3 | | Testing for Format string | Not Started | | | | |
| | 4.8.15 | OTG-INPVAL-015 | Testing for incubated vulnerabilities | Not Started | | | | |
| | 4.8.16 | OTG-INPVAL-016 | Testing for HTTP Splitting/Smuggling | Not Started | | | | |
| Error Handling | 4.9.1 | OTG-ERR-001 | Analysis of Error Codes | Not Started | | | | |
| | 4.9.2 | OTG-ERR-002 | Analysis of Stack Traces | Not Started | | | | |
| Cryptography | 4.10.1 | OTG-CRYPST-001 | Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection | Not Started | | | | |
| | 4.10.2 | OTG-CRYPST-002 | Testing for Padding Oracle | Not Started | | | | |
| | 4.10.3 | OTG-CRYPST-003 | Testing for Sensitive information sent via unencrypted channels | Not Started | | | | |
| Business Logic Testing | 4.11.1 | OTG-BUSLOGIC-001 | Test Business Logic Data Validation | Not Started | | | | |
| | 4.11.2 | OTG-BUSLOGIC-002 | Test Ability to Forge Requests | Not Started | | | | |
| | 4.11.3 | OTG-BUSLOGIC-003 | Test Integrity Checks | Not Started | | | | |
| | 4.11.4 | OTG-BUSLOGIC-004 | Test for Process Timing | Not Started | | | | |
| | 4.11.5 | OTG-BUSLOGIC-005 | Test Number of Times a Function Can be Used Limits | Not Started | | | | |
| | 4.11.6 | OTG-BUSLOGIC-006 | Testing for the Circumvention of Work Flows | Not Started | | | | |
| | 4.11.7 | OTG-BUSLOGIC-007 | Test Defenses Against Application Mis-use | Not Started | | | | |
| | 4.11.8 | OTG-BUSLOGIC-008 | Test Upload of Unexpected File Types | Not Started | | | | |
| | 4.11.9 | OTG-BUSLOGIC-009 | Test Upload of Malicious Files | Not Started | | | | |
| Client Side Testing | 4.12.1 | OTG-CLIENT-001 | Testing for DOM based Cross Site Scripting | Not Started | | | | |