[Owasp-testing] Today track

Tushar Vartak tusharvartak at me.com
Thu Jun 15 10:22:52 UTC 2017


Gents, 

I am using the below format in my fork of the repo


14th June 2017

Tushar Vartak: tusharvartak at me.com
Area for review: https://www.owasp.org/index.php/Client_Side_Testing
Objective: Identify areas for inclusion / improvement through comparison with ASVS
https://www.owasp.org/images/6/67/OWASPApplicationSecurityVerificationStandard3.0.pdf

Section 1: Areas that correspond to ASVS

4.12.1 Testing for DOM-based Cross site scripting (OTG-CLIENT-001)

5.15 Ensure that all string variables placed into HTML or other web client code is either properly contextually encoded manually, or utilize templates that automatically encode contextually to ensure the application is not susceptible to reflected, stored and DOM Cross-Site Scripting (XSS) attacks. --> ASVS L1, L2, L3

4.12.2 Testing for JavaScript Execution (OTG-CLIENT-002)

5.15 Ensure that all string variables placed into HTML or other web client code is either properly contextually encoded manually, or utilize templates that automatically encode contextually to ensure the application is not susceptible to reflected, stored and DOM Cross-Site Scripting (XSS) attacks. --> ASVS L1, L2, L3

#ADD TEST CASE# v11.7 Verify that the Content Security Policy V2 (CSP) is in use in a way that either disables inline JavaScript or provides an integrity check on inline JavaScript with CSP noncing or hashing.


4.12.3 Testing for HTML Injection (OTG-CLIENT-003)

4.12.4 Testing for Client Side URL Redirect (OTG-CLIENT-004)

4.12.5 Testing for CSS Injection (OTG-CLIENT-005)

4.12.6 Testing for Client Side Resource Manipulation (OTG-CLIENT-006)

4.12.7 Test Cross Origin Resource Sharing (OTG-CLIENT-007)

4.12.8 Testing for Cross Site Flashing (OTG-CLIENT-008)

4.12.9 Testing for Clickjacking (OTG-CLIENT-009)

4.12.10 Testing WebSockets (OTG-CLIENT-010)

4.12.11 Test Web Messaging (OTG-CLIENT-011)

4.12.12 Test Local Storage (OTG-CLIENT-012)


----DRAFT - end----
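A small checker for the proposed v11.7 test case (CSP either disables inline JavaScript or gates it with a nonce or hash), added here as an illustration and not part of the draft mapping or of OWASP's own tooling. The sample headers are constructed; the pass/fail logic follows the CSP rule that script-src falls back to default-src and that a nonce or hash makes 'unsafe-inline' a legacy-only fallback in CSP Level 2 browsers.

```python
import re

# Constructed sample Content-Security-Policy headers (not from the draft above)
SAMPLE_HEADERS = {
    "nonce": "default-src 'self'; script-src 'self' 'nonce-d41d8cd98f'",
    "hash": "script-src 'sha256-B2yPHKaXnvFWtRChIbabYmUBFZdVfKKXHbWtWidDVF8='",
    "unsafe_inline": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "compat": "script-src 'nonce-d41d8cd98f' 'unsafe-inline'",
    "no_script_src": "img-src *",
    "missing": "",
}

NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)")

def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def script_sources(policy):
    """script-src governs inline scripts; absent that, CSP falls back to default-src."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")

def check_inline_script(header):
    """Return (passes, reason) for the v11.7 test: inline JS must be
    disabled outright or permitted only via a nonce/hash."""
    if not header.strip():
        return False, "no Content-Security-Policy header sent"
    sources = script_sources(parse_csp(header))
    if sources is None:
        return False, "no script-src or default-src: inline scripts unrestricted"
    lowered = [s.lower() for s in sources]
    gated = any(NONCE_OR_HASH.match(s) for s in lowered)
    if "'unsafe-inline'" in lowered:
        if gated:
            # CSP Level 2 browsers ignore 'unsafe-inline' once a nonce/hash is present
            return True, "nonce/hash present; 'unsafe-inline' is a legacy fallback only"
        return False, "'unsafe-inline' permits arbitrary inline scripts"
    if gated:
        return True, "inline scripts allowed only with a matching nonce/hash"
    return True, "inline scripts blocked entirely"

def audit(headers=SAMPLE_HEADERS):
    """Run the check over every sample header and return the verdicts by name."""
    return {name: check_inline_script(h) for name, h in headers.items()}
```

When testing a live application, feed the value of the response's Content-Security-Policy header into check_inline_script and record the reason string as the finding evidence.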

> On Jun 15, 2017, at 1:47 PM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
> 
> Here is the link:
> 
> https://hangouts.google.com/hangouts/_/owasp.org/owasptgv5
> 
> Thanks,
> Mat
> 
> On Thu, Jun 15, 2017 at 10:30 AM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
> We are closing the main track at the Summit.
> 
> We will start the hangout session at 10:45 London Time, sorry for being late.
> Hangout: OWASPTGv5
> 
> Thanks,
> Mat
> 
> 
> 
> -- 
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
> Cell: +393283019559
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
