Web Application Security Testing

The following sections describe the 12 subcategories of the Web Application Penetration Testing Methodology:

• Introduction and Objectives
• Information Gathering
• Configuration and Deployment Management Testing
• Identity Management Testing
• Authentication Testing
• Authorization Testing
• Session Management Testing
• Input Validation Testing
• Testing for Error Handling
• Testing for weak Cryptography
• Business Logic Testing
• Client Side Testing