Fix Issue 96 - Rename everything without spaces or brackets #97

Merged
merged 4 commits into from
Jul 21, 2019

kingthorin
Collaborator

@kingthorin kingthorin commented Jul 19, 2019

This PR covers issue #96.

  • This PR handles the issue and requires no additional PRs.
  • You have validated the need for this change.

What did this PR accomplish?

Rename everything, fix links, fix images.
Note: I specifically didn't update the v4 ToC content. IMHO it should be removed and recreated later when we're ready/closer to release.

Fixes #96

@kingthorin kingthorin added migration [RETIRED] Required for moving from Wiki to GitHub revise Needs quality review, updates, or revision labels Jul 19, 2019
@patrickceg
Contributor

patrickceg commented Jul 20, 2019

Any suggestions on what I should be looking at in this frighteningly large pull request?

I'm not about to spend an entire day validating that we did indeed remove every space or URL encoded space from every file name in the system: that's what scripting is for. In the future, for something that should be enforced through the entire project, we should make a build script (that will initially fail), and then make modifications until the script passes.

EDIT: After a bunch of text communication fails I've had in my experience, I should clarify that I'm not just !@#$ing and complaining. (Unfortunately I've run into people who automatically translate any criticism or suggestion into "The person at the other side of the conversation hates me.", and in text communication it's even worse because there is no non-verbal component aside from capital letters and emoji.) I make heavy use of counterexamples to push a point, and I know some personality types get "set off" as a false positive for a direct insult.

That heavy bit aside, I'd be happy to do scripting for verification if that's what's needed - I've been making test scripts since 2009 ... just I'd have to find which scripts work on markdown to be able to put together a CI for it... The worst case scenario is a script (e.g. Jekyll) transforms the markdown into HTML pages in a Docker container running an HTTP server, and we have a web crawler poke around it. That seems quite Rube-Goldberg though.

@ThunderSon
Collaborator

Thank you Patrick for your proposal. We can discuss this and set up some CI tests. I'll be validating the file names as a starting point. We didn't want to resort to scripting as we didn't want to have any issues at the start and we wanted it fast before more commits were done with the name files.
I'll let @kingthorin discuss this in more detail with you (since this is their work 😃 ), and we can have the CI tests discussed on Slack and in a repository issue as well. There are some linters for markdown as well. No need to go that hard 😄

@ThunderSon ThunderSon added this to the Github Migration milestone Jul 20, 2019
@kingthorin
Collaborator Author

kingthorin commented Jul 20, 2019

Here's the structure/names after the changes:

Repo tree (click the triangle to expand):
C:.
|   OWASP_Testing_Guide_v4_Table_of_Contents.md
|   
+---0_Foreward
|       0 Foreword.md
|       
+---1_Frontispiece
|       1.2_About_The_Open_Web_Application_Security_Project.md
|       1_Frontispiece.md
|       
+---2_Introduction
|   |   2_Introduction.md
|   |   
|   \---images
|           640px-UseAndMisuseCase.jpg
|           ProportionSDLC.png
|           ProportionTest.png
|           SDLC.jpg
|           WindowExposure.jpg
|           
+---3_The_OWASP_Testing_Framework
|   |   3.8_Penetration_Testing_Methodologies.md
|   |   3_The_OWASP_Testing_Framework.md
|   |   
|   \---images
|           Typical_SDLC_Testing_Workflow.gif
|           
+---4_Web_Application_Security_Testing
|   |   4 Web Application Penetration Testing.md
|   |   
|   +---4.10_Testing_for_Weak_Cryptography
|   |   |   4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection_OTG-CRYPST-001.md
|   |   |   4.10.2_Testing_for_Padding_Oracle_OTG-CRYPST-002.md
|   |   |   4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels_OTG-CRYPST-003.md
|   |   |   4.10.4_Testing_for_Weak_Encryption_OTG-CRYPST-004.md
|   |   |   4.10_Testing_for_Weak_Cryptography.md
|   |   |   
|   |   \---images
|   |           SSL_Certificate_Validity_Testing_Firefox_Warning.gif
|   |           SSL_Certificate_Validity_Testing_IE_Warning.gif
|   |           
|   +---4.11_Business_Logic_Testing
|   |       4.11.1_Test_Business_Logic_Data_Validation_OTG-BUSLOGIC-001.md
|   |       4.11.2_Test_Ability_to_Forge_Requests_OTG-BUSLOGIC-002.md
|   |       4.11.3_Test_Integrity_Checks_OTG-BUSLOGIC-003.md
|   |       4.11.4_Test_for_Process_Timing_OTG-BUSLOGIC-004.md
|   |       4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits_OTG-BUSLOGIC-005.md
|   |       4.11.6_Testing_for_the_Circumvention_of_Work_Flows_OTG-BUSLOGIC-006.md
|   |       4.11.7_Test_Defenses_Against_Application_Mis-use_OTG-BUSLOGIC-007.md
|   |       4.11.8_Test_Upload_of_Unexpected_File_Types_OTG-BUSLOGIC-008.md
|   |       4.11.9_Test_Upload_of_Malicious_Files_OTG-BUSLOGIC-009.md
|   |       4.11_Testing_for_Business_Logic.md
|   |       
|   +---4.12_Client_Side_Testing
|   |   |   4.12 Client Side Testing.md
|   |   |   4.12.10_Testing_WebSockets_OTG-CLIENT-010.md
|   |   |   4.12.11_Test_Web_Messaging_OTG-CLIENT-011.md
|   |   |   4.12.12_Test_Local_Storage_OTG-CLIENT-012.md
|   |   |   4.12.13_Testing_for_Cross_Site_Script_Inclusion_OTG-CLIENT-013.md
|   |   |   4.12.1_Testing_for_DOM-based_Cross_Site_Scripting_OTG-CLIENT-001.md
|   |   |   4.12.2_Testing_for_JavaScript_Execution_OTG-CLIENT-002.md
|   |   |   4.12.3_Testing_for_HTML_Injection_OTG-CLIENT-003.md
|   |   |   4.12.4_Testing_for_Client_Side_URL_Redirect_OTG-CLIENT-004.md
|   |   |   4.12.5_Testing_for_CSS_Injection_OTG-CLIENT-005.md
|   |   |   4.12.6_Testing_for_Client_Side_Resource_Manipulation_OTG-CLIENT-006.md
|   |   |   4.12.7_Test_Cross_Origin_Resource_Sharing_OTG-CLIENT-007.md
|   |   |   4.12.8_Testing_for_Cross_Site_Flashing_OTG-CLIENT-008.md
|   |   |   4.12.9_Testing_for_Clickjacking_OTG-CLIENT-009.md
|   |   |   
|   |   \---images
|   |           XSSI1.jpeg
|   |           
|   +---4.1_Introduction_and_Objectives
|   |       4.1.1_Testing_Checklist.md
|   |       4.1_Testing_Introduction_and_Objectives.md
|   |       
|   +---4.2_Information_Gathering
|   |   |   4.2 Testing Information Gathering.md
|   |   |   4.2.10_Map_Application_Architecture_OTG-INFO-010.md
|   |   |   4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage_OTG-INFO-001.md
|   |   |   4.2.2_Fingerprint_Web_Server_OTG-INFO-002.md
|   |   |   4.2.3_Review_Webserver_Metafiles_for_Information_Leakage_OTG-INFO-003.md
|   |   |   4.2.4_Enumerate_Applications_on_Webserver_OTG-INFO-004.md
|   |   |   4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage_OTG-INFO-005.md
|   |   |   4.2.6_Identify_Application_Entry_Points_OTG-INFO-006.md
|   |   |   4.2.7_Map_Execution_Paths_Through_Application_OTG-INFO-007.md
|   |   |   4.2.8_Fingerprint_Web_Application_Framework_OTG-INFO-008.md
|   |   |   4.2.9_Fingerprint_Web_Application_OTG-INFO-009.md
|   |   |   
|   |   \---images
|   |           Google_cache_Operator_Search_Results_Example_20121219.jpg
|   |           Google_site_Operator_Search_Results_Example_20121219.jpg
|   |           Httprint.jpg
|   |           Meta_Tag_Example-Facebook-Aug_2013.png
|   |           Netcraft2.png
|   |           
|   +---4.3 Configuration and Deployment Management Testing
|   |   |   4.3.10_Test_for_Subdomain_Takeover_OTG-CONFIG-010.md
|   |   |   4.3.1_Test_Network_Infrastructure_Configuration_OTG-CONFIG-001.md
|   |   |   4.3.2_Test_Application_Platform_Configuration_OTG-CONFIG-002.md
|   |   |   4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information_OTG-CONFIG-003.md
|   |   |   4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information_OTG-CONFIG-004.md
|   |   |   4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces_OTG-CONFIG-005.md
|   |   |   4.3.6_Test_HTTP_Methods_OTG-CONFIG-006.md
|   |   |   4.3.7_Test_HTTP_Strict_Transport_Security_OTG-CONFIG-007.md
|   |   |   4.3.8_Test_RIA_Cross_Domain_Policy_OTG-CONFIG-008.md
|   |   |   4.3.9_Test_File_Permission_OTG-CONFIG-009.md
|   |   |   4.3_Testing_for_Configuration_Management.md
|   |   |   
|   |   \---images
|   |           subdomain_takeover_ex1.jpeg
|   |           subdomain_takeover_ex2.jpeg
|   |           
|   +---4.4_Identity_Management_Testing
|   |       4.4.1_Test_Role_Definitions_OTG-IDENT-001.md
|   |       4.4.2_Test_User_Registration_Process_OTG-IDENT-002.md
|   |       4.4.3_Test_Account_Provisioning_Process_OTG-IDENT-003.md
|   |       4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account_OTG-IDENT-004.md
|   |       4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy_OTG-IDENT-005.md
|   |       4.4_Identity_Management_Testing.md
|   |       
|   +---4.5_Authentication_Testing
|   |       4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel_OTG-AUTHN-010.md
|   |       4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel_OTG-AUTHN-001.md
|   |       4.5.2_Testing_for_Default_Credentials_OTG-AUTHN-002.md
|   |       4.5.3_Testing_for_Weak_Lock_Out_Mechanism_OTG-AUTHN-003.md
|   |       4.5.4_Testing_for_Bypassing_Authentication_Schema_OTG-AUTHN-004.md
|   |       4.5.5_Testing_for_Vulnerable_Remember_Password_OTG-AUTHN-005.md
|   |       4.5.6_Testing_for_Browser_Cache_Weaknesses_OTG-AUTHN-006.md
|   |       4.5.7_Testing_for_Weak_Password_Policy_OTG-AUTHN-007.md
|   |       4.5.8_Testing_for_Weak_Security_Question_Answer_OTG-AUTHN-008.md
|   |       4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities_OTG-AUTHN-009.md
|   |       4.5_Testing_for_Authentication.md
|   |       
|   +---4.6_Authorization_Testing
|   |       4.6 Testing for Authorization.md
|   |       4.6.1_Testing_Directory_Traversal_File_Include_OTG-AUTHZ-001.md
|   |       4.6.2_Testing_for_Bypassing_Authorization_Schema_OTG-AUTHZ-002.md
|   |       4.6.3_Testing_for_Privilege_Escalation_OTG-AUTHZ-003.md
|   |       4.6.4_Testing_for_Insecure_Direct_Object_References_OTG-AUTHZ-004.md
|   |       
|   +---4.7_Session_Management_Testing
|   |       4.7 Testing for Session Management.md
|   |       4.7.1_Testing_for_Session_Management_Schema_OTG-SESS-001.md
|   |       4.7.2_Testing_for_Cookies_Attributes_OTG-SESS-002.md
|   |       4.7.3_Testing_for_Session_Fixation_OTG-SESS-003.md
|   |       4.7.4_Testing_for_Exposed_Session_Variables_OTG-SESS-004.md
|   |       4.7.5_Testing_for_CSRF_OTG-SESS-005.md
|   |       4.7.6_Testing_for_Logout_Functionality_OTG-SESS-006.md
|   |       4.7.7_Test_Session_Timeout_OTG-SESS-007.md
|   |       4.7.8_Testing_for_Session_Puzzling_OTG-SESS-008.md
|   |       
|   +---4.8_Input_Validation_Testing
|   |       4.8.10_Testing_for_XPath_Injection_OTG-INPVAL-010.md
|   |       4.8.11_Testing_for_IMAP_SMTP_Injection_OTG-INPVAL-011.md
|   |       4.8.12.1_Testing_for_Local_File_Inclusion.md
|   |       4.8.12.2_Testing_for_Remote_File_Inclusion.md
|   |       4.8.12_Testing_for_Code_Injection_OTG-INPVAL-012.md
|   |       4.8.13_Testing_for_Command_Injection_OTG-INPVAL-013.md
|   |       4.8.14.1_Testing_for_Heap_Overflow.md
|   |       4.8.14.2_Testing_for_Stack_Overflow.md
|   |       4.8.14.3_Testing_for_Format_String.md
|   |       4.8.14_Testing_for_Buffer_Overflow_OTG-INPVAL-014.md
|   |       4.8.15_Testing_for_Incubated_Vulnerability_OTG-INPVAL-015.md
|   |       4.8.16_Testing_for_HTTP_Splitting_Smuggling_OTG-INPVAL-016.md
|   |       4.8.17_Testing_for_HTTP_Incoming_requests_OTG-INPVAL-017.md
|   |       4.8.18_Testing_for_Host_Header_Injection_OTG-INPVAL-018.md
|   |       4.8.1_Testing_for_Reflected_Cross_Site_Scripting_OTG-INPVAL-001.md
|   |       4.8.2_Testing_for_Stored_Cross_Site_Scripting_OTG-INPVAL-002.md
|   |       4.8.3_Testing_for_HTTP_Verb_Tampering_OTG-INPVAL-003.md
|   |       4.8.4_Testing_for_HTTP_Parameter_Pollution_OTG-INPVAL-004.md
|   |       4.8.5.1_Testing_for_Oracle.md
|   |       4.8.5.2_Testing_for_MySQL.md
|   |       4.8.5.3_Testing_for_SQL_Server.md
|   |       4.8.5.4_OWASP_Backend_Security_Project_Testing_PostgreSQL.md
|   |       4.8.5.5_Testing_for_MS_Access.md
|   |       4.8.5.6_Testing_for_NoSQL_Injection.md
|   |       4.8.5_Testing_for_SQL_Injection_OTG-INPVAL-005.md
|   |       4.8.6_Testing_for_LDAP_Injection_OTG-INPVAL-006.md
|   |       4.8.7_Testing_for_ORM_Injection_OTG-INPVAL-007.md
|   |       4.8.8_Testing_for_XML_Injection_OTG-INPVAL-008.md
|   |       4.8.9_Testing_for_SSI_Injection_OTG-INPVAL-009.md
|   |       4.8_Testing_for_Input_Validation.md
|   |       
|   \---4.9_Testing_for_Error_Handling
|           4.9.1_Testing_for_Error_Code_OTG-ERR-001.md
|           4.9.2_Testing_for_Stack_Traces_OTG-ERR-002.md
|           4.9_Testing_for_Error_Handling.md
|           
+---5_Reporting
|       Reporting.md
|       
+---Appx.A_Testing_Tools_Resource
|       Appx.A_Testing_Tools.md
|       
+---Appx.B_Suggested_Reading
|       Appx.B_Suggested_Reading.md
|       
+---Appx.C_Fuzz_Vectors
|       Appx.C_Fuzz_Vectors.md
|       
+---Appx.D_Encoded_Injection
|       Appx.D_Encoded_Injection.md
|       
\---Appx.E_Misc
        AppxE_History.md

@kingthorin
Collaborator Author

kingthorin commented Jul 20, 2019

Any suggestions on what I should be looking at in this frighteningly large pull request?

  • Check the naming. (tree /F /A or see above, or whatever)
  • Do some targeted searches. (Eclipse facilitates this, you can probably also use VSCode or Notepad++)
    • %28 and %29 - There are 13 matches in the repo, all of which are outstanding "wikilink"s (separate issue), 3rd party links, or examples/unrelated to filenames.
    • Regex \d\)\.md - 83 Occurrences before this change, zero after.
    • %20(OTG- - 85 Occurrences before this change, zero after.
      • (Those two numbers mismatch due to the fact that there were two files with the .markdown extension, which this change also fixed. [4.3.1 and 4.5.8].)
  • Review the content changes shown in the github diff.
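
An added example, not part of the original thread or the project's code: the build check proposed earlier in the conversation, automating the name inspection and targeted searches listed above (bad names, `.markdown` files, encoded `%20`/`%28`/`%29` in relative links, and dead relative links). All function names and the sample tree created by `build_sample` are constructed for illustration.

```python
import os
import re
import sys
import tempfile
from urllib.parse import unquote

# Name rule from this PR: no spaces or brackets; ".markdown" was also normalised to ".md".
BAD_NAME = re.compile(r"[ ()\[\]]")
# Inline markdown link or image: [text](target) / ![alt](target).
LINK = re.compile(r"!?\[[^\]]*\]\(([^)\s]+)\)")
# Encoded space and brackets, the strings searched for in the thread.
ENCODED = re.compile(r"%(20|28|29)")
# Anything with a URI scheme (https:, mailto:) is a third-party link and is skipped.
EXTERNAL = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*:")


def _rel(path, root):
    return os.path.relpath(path, root).replace(os.sep, "/")


def check_names(root):
    """Relative paths of files and directories whose name breaks the rule."""
    bad = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if BAD_NAME.search(name) or name.endswith(".markdown"):
                bad.append(_rel(os.path.join(dirpath, name), root))
    return sorted(bad)


def check_links(root):
    """(file, target, reason) for each relative link that is encoded or dead."""
    problems = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith((".md", ".markdown")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8") as fh:
                targets = LINK.findall(fh.read())
            for target in targets:
                if EXTERNAL.match(target) or target.startswith("#"):
                    continue
                dest = os.path.join(dirpath, unquote(target.split("#")[0]))
                if ENCODED.search(target):
                    problems.append((_rel(path, root), target, "encoded"))
                elif not os.path.exists(dest):
                    problems.append((_rel(path, root), target, "dead"))
    return sorted(problems)


def run(root):
    """Print findings and return a CI exit status: 0 when clean, 1 otherwise."""
    names, links = check_names(root), check_links(root)
    for path in names:
        print(f"bad name: {path}")
    for src, target, reason in links:
        print(f"{reason} link: {src} -> {target}")
    return 1 if names or links else 0


def build_sample(root):
    """Constructed sample tree (not the real repository) with three defects."""
    section = os.path.join(root, "4.6_Authorization_Testing")
    os.makedirs(os.path.join(section, "images"))
    files = {
        "4.6 Testing for Authorization.md": "[first test](4.6.1_Sample_Test.md)\n",
        "4.6.1_Sample_Test.md": "[up](4.6%20Testing%20for%20Authorization.md)\n"
                                "![figure](images/missing.png)\n"
                                "[reference](https://example.org/a%20b)\n",
        "images/ok.png": "",
    }
    for rel, body in files.items():
        with open(os.path.join(section, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(run(sys.argv[1]))
    with tempfile.TemporaryDirectory() as demo:
        build_sample(demo)
        run(demo)
```

Run with a repository path as the only argument to use it as a failing build step; with no argument it reports on the constructed sample.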


Rename everything, fix links, fix images.

Fixes #96

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
Collaborator

@ThunderSon ThunderSon left a comment

@kingthorin The job you've done ... Thank you.

@ThunderSon
Collaborator

From the tree, and the dead URLs, I think the below needs fixing:

0 Foreword.md
4 Web Application Penetration Testing.md
4.12 Client Side Testing.md
4.2 Testing Information Gathering.md
4.6 Testing for Authorization.md
4.7 Testing for Session Management.md

@kingthorin
Collaborator Author

Updated tree
C:.
|   OWASP_Testing_Guide_v4_Table_of_Contents.md
|   
+---0_Foreward
|       0_Foreword.md
|       
+---1_Frontispiece
|       1.2_About_The_Open_Web_Application_Security_Project.md
|       1_Frontispiece.md
|       
+---2_Introduction
|   |   2_Introduction.md
|   |   
|   \---images
|           640px-UseAndMisuseCase.jpg
|           ProportionSDLC.png
|           ProportionTest.png
|           SDLC.jpg
|           WindowExposure.jpg
|           
+---3_The_OWASP_Testing_Framework
|   |   3.8_Penetration_Testing_Methodologies.md
|   |   3_The_OWASP_Testing_Framework.md
|   |   
|   \---images
|           Typical_SDLC_Testing_Workflow.gif
|           
+---4_Web_Application_Security_Testing
|   |   4_Web_Application_Penetration_Testing.md
|   |   
|   +---4.10_Testing_for_Weak_Cryptography
|   |   |   4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection_OTG-CRYPST-001.md
|   |   |   4.10.2_Testing_for_Padding_Oracle_OTG-CRYPST-002.md
|   |   |   4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels_OTG-CRYPST-003.md
|   |   |   4.10.4_Testing_for_Weak_Encryption_OTG-CRYPST-004.md
|   |   |   4.10_Testing_for_Weak_Cryptography.md
|   |   |   
|   |   \---images
|   |           SSL_Certificate_Validity_Testing_Firefox_Warning.gif
|   |           SSL_Certificate_Validity_Testing_IE_Warning.gif
|   |           
|   +---4.11_Business_Logic_Testing
|   |       4.11.1_Test_Business_Logic_Data_Validation_OTG-BUSLOGIC-001.md
|   |       4.11.2_Test_Ability_to_Forge_Requests_OTG-BUSLOGIC-002.md
|   |       4.11.3_Test_Integrity_Checks_OTG-BUSLOGIC-003.md
|   |       4.11.4_Test_for_Process_Timing_OTG-BUSLOGIC-004.md
|   |       4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits_OTG-BUSLOGIC-005.md
|   |       4.11.6_Testing_for_the_Circumvention_of_Work_Flows_OTG-BUSLOGIC-006.md
|   |       4.11.7_Test_Defenses_Against_Application_Mis-use_OTG-BUSLOGIC-007.md
|   |       4.11.8_Test_Upload_of_Unexpected_File_Types_OTG-BUSLOGIC-008.md
|   |       4.11.9_Test_Upload_of_Malicious_Files_OTG-BUSLOGIC-009.md
|   |       4.11_Testing_for_Business_Logic.md
|   |       
|   +---4.12_Client_Side_Testing
|   |   |   4.12.10_Testing_WebSockets_OTG-CLIENT-010.md
|   |   |   4.12.11_Test_Web_Messaging_OTG-CLIENT-011.md
|   |   |   4.12.12_Test_Local_Storage_OTG-CLIENT-012.md
|   |   |   4.12.13_Testing_for_Cross_Site_Script_Inclusion_OTG-CLIENT-013.md
|   |   |   4.12.1_Testing_for_DOM-based_Cross_Site_Scripting_OTG-CLIENT-001.md
|   |   |   4.12.2_Testing_for_JavaScript_Execution_OTG-CLIENT-002.md
|   |   |   4.12.3_Testing_for_HTML_Injection_OTG-CLIENT-003.md
|   |   |   4.12.4_Testing_for_Client_Side_URL_Redirect_OTG-CLIENT-004.md
|   |   |   4.12.5_Testing_for_CSS_Injection_OTG-CLIENT-005.md
|   |   |   4.12.6_Testing_for_Client_Side_Resource_Manipulation_OTG-CLIENT-006.md
|   |   |   4.12.7_Test_Cross_Origin_Resource_Sharing_OTG-CLIENT-007.md
|   |   |   4.12.8_Testing_for_Cross_Site_Flashing_OTG-CLIENT-008.md
|   |   |   4.12.9_Testing_for_Clickjacking_OTG-CLIENT-009.md
|   |   |   4.12_Client_Side_Testing.md
|   |   |   
|   |   \---images
|   |           XSSI1.jpeg
|   |           
|   +---4.1_Introduction_and_Objectives
|   |       4.1.1_Testing_Checklist.md
|   |       4.1_Testing_Introduction_and_Objectives.md
|   |       
|   +---4.2_Information_Gathering
|   |   |   4.2.10_Map_Application_Architecture_OTG-INFO-010.md
|   |   |   4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage_OTG-INFO-001.md
|   |   |   4.2.2_Fingerprint_Web_Server_OTG-INFO-002.md
|   |   |   4.2.3_Review_Webserver_Metafiles_for_Information_Leakage_OTG-INFO-003.md
|   |   |   4.2.4_Enumerate_Applications_on_Webserver_OTG-INFO-004.md
|   |   |   4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage_OTG-INFO-005.md
|   |   |   4.2.6_Identify_Application_Entry_Points_OTG-INFO-006.md
|   |   |   4.2.7_Map_Execution_Paths_Through_Application_OTG-INFO-007.md
|   |   |   4.2.8_Fingerprint_Web_Application_Framework_OTG-INFO-008.md
|   |   |   4.2.9_Fingerprint_Web_Application_OTG-INFO-009.md
|   |   |   4.2_Testing_Information_Gathering.md
|   |   |   
|   |   \---images
|   |           Google_cache_Operator_Search_Results_Example_20121219.jpg
|   |           Google_site_Operator_Search_Results_Example_20121219.jpg
|   |           Httprint.jpg
|   |           Meta_Tag_Example-Facebook-Aug_2013.png
|   |           Netcraft2.png
|   |           
|   +---4.3 Configuration and Deployment Management Testing
|   |   |   4.3.10_Test_for_Subdomain_Takeover_OTG-CONFIG-010.md
|   |   |   4.3.1_Test_Network_Infrastructure_Configuration_OTG-CONFIG-001.md
|   |   |   4.3.2_Test_Application_Platform_Configuration_OTG-CONFIG-002.md
|   |   |   4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information_OTG-CONFIG-003.md
|   |   |   4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information_OTG-CONFIG-004.md
|   |   |   4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces_OTG-CONFIG-005.md
|   |   |   4.3.6_Test_HTTP_Methods_OTG-CONFIG-006.md
|   |   |   4.3.7_Test_HTTP_Strict_Transport_Security_OTG-CONFIG-007.md
|   |   |   4.3.8_Test_RIA_Cross_Domain_Policy_OTG-CONFIG-008.md
|   |   |   4.3.9_Test_File_Permission_OTG-CONFIG-009.md
|   |   |   4.3_Testing_for_Configuration_Management.md
|   |   |   
|   |   \---images
|   |           subdomain_takeover_ex1.jpeg
|   |           subdomain_takeover_ex2.jpeg
|   |           
|   +---4.4_Identity_Management_Testing
|   |       4.4.1_Test_Role_Definitions_OTG-IDENT-001.md
|   |       4.4.2_Test_User_Registration_Process_OTG-IDENT-002.md
|   |       4.4.3_Test_Account_Provisioning_Process_OTG-IDENT-003.md
|   |       4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account_OTG-IDENT-004.md
|   |       4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy_OTG-IDENT-005.md
|   |       4.4_Identity_Management_Testing.md
|   |       
|   +---4.5_Authentication_Testing
|   |       4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel_OTG-AUTHN-010.md
|   |       4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel_OTG-AUTHN-001.md
|   |       4.5.2_Testing_for_Default_Credentials_OTG-AUTHN-002.md
|   |       4.5.3_Testing_for_Weak_Lock_Out_Mechanism_OTG-AUTHN-003.md
|   |       4.5.4_Testing_for_Bypassing_Authentication_Schema_OTG-AUTHN-004.md
|   |       4.5.5_Testing_for_Vulnerable_Remember_Password_OTG-AUTHN-005.md
|   |       4.5.6_Testing_for_Browser_Cache_Weaknesses_OTG-AUTHN-006.md
|   |       4.5.7_Testing_for_Weak_Password_Policy_OTG-AUTHN-007.md
|   |       4.5.8_Testing_for_Weak_Security_Question_Answer_OTG-AUTHN-008.md
|   |       4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities_OTG-AUTHN-009.md
|   |       4.5_Testing_for_Authentication.md
|   |       
|   +---4.6_Authorization_Testing
|   |       4.6.1_Testing_Directory_Traversal_File_Include_OTG-AUTHZ-001.md
|   |       4.6.2_Testing_for_Bypassing_Authorization_Schema_OTG-AUTHZ-002.md
|   |       4.6.3_Testing_for_Privilege_Escalation_OTG-AUTHZ-003.md
|   |       4.6.4_Testing_for_Insecure_Direct_Object_References_OTG-AUTHZ-004.md
|   |       4.6_Testing_for_Authorization.md
|   |       
|   +---4.7_Session_Management_Testing
|   |       4.7.1_Testing_for_Session_Management_Schema_OTG-SESS-001.md
|   |       4.7.2_Testing_for_Cookies_Attributes_OTG-SESS-002.md
|   |       4.7.3_Testing_for_Session_Fixation_OTG-SESS-003.md
|   |       4.7.4_Testing_for_Exposed_Session_Variables_OTG-SESS-004.md
|   |       4.7.5_Testing_for_CSRF_OTG-SESS-005.md
|   |       4.7.6_Testing_for_Logout_Functionality_OTG-SESS-006.md
|   |       4.7.7_Test_Session_Timeout_OTG-SESS-007.md
|   |       4.7.8_Testing_for_Session_Puzzling_OTG-SESS-008.md
|   |       4.7_Testing_for_Session_Management.md
|   |       
|   +---4.8_Input_Validation_Testing
|   |       4.8.10_Testing_for_XPath_Injection_OTG-INPVAL-010.md
|   |       4.8.11_Testing_for_IMAP_SMTP_Injection_OTG-INPVAL-011.md
|   |       4.8.12.1_Testing_for_Local_File_Inclusion.md
|   |       4.8.12.2_Testing_for_Remote_File_Inclusion.md
|   |       4.8.12_Testing_for_Code_Injection_OTG-INPVAL-012.md
|   |       4.8.13_Testing_for_Command_Injection_OTG-INPVAL-013.md
|   |       4.8.14.1_Testing_for_Heap_Overflow.md
|   |       4.8.14.2_Testing_for_Stack_Overflow.md
|   |       4.8.14.3_Testing_for_Format_String.md
|   |       4.8.14_Testing_for_Buffer_Overflow_OTG-INPVAL-014.md
|   |       4.8.15_Testing_for_Incubated_Vulnerability_OTG-INPVAL-015.md
|   |       4.8.16_Testing_for_HTTP_Splitting_Smuggling_OTG-INPVAL-016.md
|   |       4.8.17_Testing_for_HTTP_Incoming_requests_OTG-INPVAL-017.md
|   |       4.8.18_Testing_for_Host_Header_Injection_OTG-INPVAL-018.md
|   |       4.8.1_Testing_for_Reflected_Cross_Site_Scripting_OTG-INPVAL-001.md
|   |       4.8.2_Testing_for_Stored_Cross_Site_Scripting_OTG-INPVAL-002.md
|   |       4.8.3_Testing_for_HTTP_Verb_Tampering_OTG-INPVAL-003.md
|   |       4.8.4_Testing_for_HTTP_Parameter_Pollution_OTG-INPVAL-004.md
|   |       4.8.5.1_Testing_for_Oracle.md
|   |       4.8.5.2_Testing_for_MySQL.md
|   |       4.8.5.3_Testing_for_SQL_Server.md
|   |       4.8.5.4_OWASP_Backend_Security_Project_Testing_PostgreSQL.md
|   |       4.8.5.5_Testing_for_MS_Access.md
|   |       4.8.5.6_Testing_for_NoSQL_Injection.md
|   |       4.8.5_Testing_for_SQL_Injection_OTG-INPVAL-005.md
|   |       4.8.6_Testing_for_LDAP_Injection_OTG-INPVAL-006.md
|   |       4.8.7_Testing_for_ORM_Injection_OTG-INPVAL-007.md
|   |       4.8.8_Testing_for_XML_Injection_OTG-INPVAL-008.md
|   |       4.8.9_Testing_for_SSI_Injection_OTG-INPVAL-009.md
|   |       4.8_Testing_for_Input_Validation.md
|   |       
|   \---4.9_Testing_for_Error_Handling
|           4.9.1_Testing_for_Error_Code_OTG-ERR-001.md
|           4.9.2_Testing_for_Stack_Traces_OTG-ERR-002.md
|           4.9_Testing_for_Error_Handling.md
|           
+---5_Reporting
|       Reporting.md
|       
+---Appx.A_Testing_Tools_Resource
|       Appx.A_Testing_Tools.md
|       
+---Appx.B_Suggested_Reading
|       Appx.B_Suggested_Reading.md
|       
+---Appx.C_Fuzz_Vectors
|       Appx.C_Fuzz_Vectors.md
|       
+---Appx.D_Encoded_Injection
|       Appx.D_Encoded_Injection.md
|       
\---Appx.E_Misc
        AppxE_History.md

@kingthorin
Collaborator Author

Done. (I think)

@ThunderSon
Collaborator

There is only one left: 4.3 Configuration and Deployment Management Testing

@kingthorin
Collaborator Author

kingthorin commented Jul 21, 2019

Boom, done.

4.3 Changed
+---4.3_Configuration_and_Deployment_Management_Testing
|   |   4.3.10_Test_for_Subdomain_Takeover_OTG-CONFIG-010.md
|   |   4.3.1_Test_Network_Infrastructure_Configuration_OTG-CONFIG-001.md
|   |   4.3.2_Test_Application_Platform_Configuration_OTG-CONFIG-002.md
|   |   4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information_OTG-CONFIG-003.md
|   |   4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information_OTG-CONFIG-004.md
|   |   4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces_OTG-CONFIG-005.md
|   |   4.3.6_Test_HTTP_Methods_OTG-CONFIG-006.md
|   |   4.3.7_Test_HTTP_Strict_Transport_Security_OTG-CONFIG-007.md
|   |   4.3.8_Test_RIA_Cross_Domain_Policy_OTG-CONFIG-008.md
|   |   4.3.9_Test_File_Permission_OTG-CONFIG-009.md
|   |   4.3_Testing_for_Configuration_Management.md
|   |
|   \---images
|           subdomain_takeover_ex1.jpeg
|           subdomain_takeover_ex2.jpeg


@ThunderSon ThunderSon merged commit aea844f into OWASP:master Jul 21, 2019
@kingthorin kingthorin deleted the 96-rename branch July 21, 2019 11:10
Successfully merging this pull request may close these issues.

Rename everything without spaces
3 participants