babebbu/wastc (forked from Secure-D/wastc)
wastc

Secure-D Web Application Security Test Checklist summarizes well-known weaknesses, vulnerabilities and best practices into review topics, each with a short description and a recommendation. Its objective is to aid penetration testers in reviewing a web application thoroughly.

This is not the working paper that Secure-D uses to deliver its web application penetration test service, but rather the public contribution version.

Objective

This document aims to assist penetration testers in covering every possible weakness, vulnerability and policy compliance item. As a result, it may contain duplicate or similar issues across different review topics and could be excessive for many penetration test projects. Testers are advised to review the whole document and decide which of the more important topics to test within the limited time available.

For developers, this document is also useful for studying each weakness and vulnerability and for improving code quality by following the guidelines.

Key words

We use the same key words to indicate requirement levels as standardized in RFC 2119. When the document says "MUST", it is an absolute requirement. This emphasizes the importance of security in that review topic.

Recommendation and Useful links

This checklist may look similar to OWASP and CWE. It differs in its details and does NOT replace OWASP or CWE by any means. We recommend studying the OWASP and CWE documentation as well.

OWASP Web Security Testing Guide
OWASP Testing Guide
OWASP Verification Standard
CWE

Contributions

We are open to any contributions. Any missing review topics are welcome. You can open either Issues or Pull Requests.

Disclaimer

Open source projects are made available and contributed to under licenses that include terms that, for the protection of contributors, make clear that the projects are offered “as-is”, without warranty, and disclaiming liability for damages resulting from using the projects.
