I have created a quick reference section for the web application penetration tester.
This section
breaks down some of our documentation into categories a pen-tester
would care about. We provide information on Session ID Attacks, Cross
Site Scripting, SQL Injection, HTTP Header Modification, Cookie
poisoning and more. This new section can be found on the blue upper
right hand tab above. I will be adding more documentation to this
section soon. Please if you think we missed something
Email Me.
Added Penetration Testing Section
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack