XSS Reorganization #1074

Open
wants to merge 42 commits into
base: master

@manindar-mohan (Contributor) commented Jun 30, 2023

This PR fixes #591.

  • This PR handles the issue and requires no additional PRs.
  • You have validated the need for this change.

What did this PR accomplish?

  • Moved all XSS to chapter 11, client-side testing
  • Added sub-sections for XSS

Thank you for your contribution!

Manindar Mohan added 15 commits June 30, 2023 15:44
…Testing/12-Testing_for_Format_String_Injection (OWASP#591)
…Testing/13-Testing_for_Incubated_Vulnerability (OWASP#591)
…Testing/14-Testing_for_HTTP_Splitting_Smuggling (OWASP#591)
…alidation_Testing/16-Testing_for_Host_Header_Injection (OWASP#591)
…lidation_Testing/17-Testing_for_Server-side_Template_Injection (OWASP#591)
…lidation_Testing/18-Testing_for_Server-Side_Request_Forgery (OWASP#591)
…se study link old one is not available anymore
github-actions bot commented Jul 3, 2023

The following links are broken:
FILE:document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.3-Testing_for_SQL_Server.md
[✖] ../../6-Appendix/C-Fuzz_Vectors.md → Status: 400

@manindar-mohan
Contributor Author

I have fixed almost all the mistakes, yet some are popping up on adjacent pushes. Should I fix them all? These mistakes are from the old files that I haven’t changed. @kingthorin

@kingthorin
Collaborator

I’ll have a look shortly. It’s probably fine.

@@ -2,6 +2,6 @@

|ID |
|------------|
|WSTG-INPV-03|
|WSTG-INPV-01|
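
Review bot: Renumbering this ID from WSTG-INPV-03 to WSTG-INPV-01 is not covered by the PR description, which lists only moving XSS to chapter 11 and adding XSS sub-sections. If the renumbering is intended, update every cross-reference to the old ID in the same change; otherwise keep the existing ID.
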
Collaborator

@kingthorin I wouldn't put this as Id number 1. I feel with v5, we can take it out, no?
This will impact all the other docs, so I think we need to decide on this.

Collaborator

You mean this specific topic?

|ID |
|------------|
|WSTG-CLNT-01|
## References
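
Review bot: The `## References` heading sits immediately after the WSTG-CLNT-01 ID table in this hunk, and nothing in the PR description calls for relocating it. Move the section back to where the other documents keep it, or state the reason for the new placement in the PR.
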
Collaborator

References must be at the end of the document, not at the start. Any reason for moving them here?

@github-actions

The following links are broken:
FILE:document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Security_Question_Answer.md
[✖] 09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md → Status: 400
[✖] 03-Testing_for_Weak_Lock_Out_Mechanism.md → Status: 400

@github-actions

The following mistakes were identified:

/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Bypassing_Authentication_Schema.md
15:108 ✖ Incorrect usage of the term: “life cycle”, use “lifecycle” instead terminology
97:256 ✖ Incorrect usage of the term: “back end”, use “backend” instead terminology

/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Security_Question_Answer.md
12:253 ✖ Incorrect usage of the term: “websites”, use “sites” instead terminology

/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md
9:277 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
150:215 ✖ Incorrect usage of the term: “website”, use “site” instead terminology

/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weaker_Authentication_in_Alternative_Channel.md
13:12 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
14:41 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
15:27 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
16:36 ✖ Incorrect usage of the term: “websites”, use “sites” instead terminology
17:12 ✖ Incorrect usage of the term: “websites”, use “sites” instead terminology
17:71 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
17:147 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
18:63 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
27:152 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
38:13 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
40:38 ✖ Incorrect usage of the term: “website”, use “site” instead terminology
58:121 ✖ Incorrect usage of the term: “android”, use “Android” instead terminology
59:40 ✖ Incorrect usage of the term: “websites”, use “sites” instead terminology
67:48 ✖ Incorrect usage of the term: “Website”, use “site” instead terminology
81:249 ✖ Incorrect usage of the term: “host name”, use “hostname” instead terminology

/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_Multi-Factor_Authentication.md
162:90 ✖ Incorrect usage of the term: “website”, use “site” instead terminology

…n_Testing/17-Testing_for_Server-side_Template_Injection.md

Co-authored-by: ThunderSon <32433575+ThunderSon@users.noreply.github.com>

@manindar-mohan manindar-mohan deleted the fix-591 branch July 24, 2023 12:45
@kingthorin
Collaborator

Why did you close this?

@manindar-mohan
Contributor Author

Sorry, that was a mistake, didn’t know this happened.

@manindar-mohan manindar-mohan restored the fix-591 branch July 25, 2023 07:03
@kingthorin kingthorin reopened this Jul 25, 2023

Labels
revise Needs quality review, updates, or revision work_in_progress Issue or PR not yet ready for review