SET2021
03. Security report
Executive summary
Assessment summary
Strategic recommendations
Technical summary
Technical detail
Appendices
02. Security testing
Security standards
OWASP Top 10 - 2017
A5-2017: Broken Access Control
A6-2017: Security Misconfiguration
A3-2017: Sensitive Data Exposure
A4-2017: XML External Entities (XXE)
A7-2017: Cross-Site Scripting (XSS)
A8-2017: Insecure Deserialization
A9-2017: Using Components with Known Vulnerabilities
A10-2017: Insufficient Logging & Monitoring
A2-2017: Broken Authentication
A1-2017: SQL Injection
OWASP Top 10 - 2013
A10-2013: Unvalidated Redirects and Forwards
A8-2013: Cross-Site Request Forgery (CSRF)
Security tools
Burp Suite
OWASP ZAP
sqlmap
nmap
sublist3r
OpenVAS
Nessus
Security checklist
Session Management
Access Control
Input Validation
Error handling & Logging
Authentication
01. Security testing plan
Purpose
2. Test Target & Access Credentials
Test Approach
Test Scope
In Scope
Out of Scope & Restrictions
Assessment Tools Overview
Test Schedule
Security Test Deliverables
Risks and Assessment
Contact Information
Stakeholder Approval