OWASP Web Security Testing Guide Training
Introduction
Overview of Web Security Testing Guide
The OWASP Testing Project
Tailoring and prioritizing for organizations
Testing principles and techniques
Security testing objectives and requirements
Exploring Various Testing Techniques
Manual inspections and reviews
Threat modeling
Source code review
Penetration testing
Security test integration and data analysis
Understanding the OWASP Testing Framework
Activities from development to deployment
Maintenance and operations
Lifecycle end-to-end testing framework and workflow
Penetration testing methodologies
Performing Web Application Security Testing
Information gathering
Configuration and deployment management testing
Identity management testing
Authentication and authorization testing
Session management testing
Input validation testing
Testing for error handling
Testing for weak cryptography
Business logic testing
Client-side testing
API testing
Reporting the Testing Assessment and Results
Introduction section
Executive summary
Findings section
Appendices
Getting Involved in the Web Security Testing Guide
Referencing and linking WSTG scenarios
Code of conduct
Contribution guide
Feature requests and feedback
Summary and Conclusion