Web Application Security Testing Resources



Web Application Security Testing Methodologies

Security assessments in general, and certainly web security assessments, are nearly as much art as science, so everyone has their own favorite method. Below are a few of the main methodologies that are out there.

WAHH Checklist
  • Recon and Analysis
  • Test Handling of Access
  • Test Handling of Input
  • Test Application Logic
  • Assess Application Hosting
  • Miscellaneous Checks

WAHH Chap. 20
  • Map the Application's Content
  • Analyze the Application
  • Test Client-side Controls
  • Test Application Logic
  • Test the Authentication Mechanism
  • Test the Session Management Mechanism
  • Test Access Controls
  • Test for Input-based Vulnerabilities
  • Test for Function-specific Vulnerabilities
  • Test for Logic Flaws
  • Test for Shared Hosting Vulnerabilities
  • Test for Web Server Vulnerabilities
  • Miscellaneous Checks

OWASP Checklist
  • Information Gathering
  • Configuration Management Testing
  • Authentication Testing
  • Session Management
  • Authorization Testing
  • Business Logic Testing
  • Data Validation Testing
  • Denial of Service Testing
  • Web Services Testing
  • Ajax Testing

Web Application Hacker's Handbook Checklist (http://portswigger.net/wahh/tasks.html)

[**Reproduced with permission from the authors; copyright Dafydd Stuttard and Marcus Pinto]

Web Application Hacker's Handbook Testing Methodology [From Chapter 20 of the WAHH]

[**Reproduced with permission from the authors; copyright Dafydd Stuttard and Marcus Pinto]

Notice that this methodology is quite different from the checklist provided above. Also keep in mind that the book itself provides additional detailed steps in each of the sections listed. This is meant to help one compare methodology approaches, not to provide the actual content.

The OWASP Testing Methodology Checklist (https://www.owasp.org/index.php/Testing_Checklist)

Suites / Frameworks

Standalone Web Assessment Tools

Web Assessment Utilities

Browser Extensions

Vulnerable Test Websites

These sites are deliberately vulnerable so that web application security scanners can be tested against them. Although that is what they are designed for, I'd still check that scanning is permitted before running anything against them (just to be sure).


Download and Configure

Additional Resources


In adding to the lists of vulnerable sites over the years I've benefited from other lists on the Internet, including Astyran, which I believe to be a phenomenal websec resource in general.

If you’d like to connect or respond, please reach out via Twitter, using the comments below, or by email. Also consider subscribing to the site via RSS and checking out my other content.

Thank you for visiting.
