testcases | Channel 9

Return to HomePage

Test Cases Index

Input/Data Validation

*How to test for cross site scripting vulnerabilities
*How to test for SQL injection vulnerabilities
*How to test for buffer overflow vulnerabilities
*How to test for buffer underflow vulnerabilities
*How to test for integer overflow/underflow vulnerabilities
*How to test for canonicalization vulnerabilities
*How to test client-side validation
*How to test for format string vulnerabilities
*How to test for response splitting vulnerabilities
*How to test for XML injection vulnerabilities

Authentication

*How to test for user credential disclosure on the network
*How to test for user credential disclosure on the local machine
*How to test for weak passwords
*How to test for cross-application authentication
*How to test for HTTP replay vulnerabilities
*How to test for session hijacking vulnerabilities
*How to test for Address Resolution Protocol (ARP) spoofing/poisoning
*How to test for invalid x509 certificates
*How to test for invalid Certificates
*How to test for weak pass-phrases
*How to test for incorrect order of signature verification
*How to test for remoting rouge client vulnerability

Authorization

*How to test for forceful browsing vulnerabilities
*How to test for role disclosure on the network
*How to test for role disclosure on the local machine
*How to test for incorrect access to protected system files
*How to test for incorrect access to protected folders
*How to test for incorrect access to protected network shares
*How to test for repudiation in authorization

Encryption

*How to test for failure to encrypt plain-text into cipher-text in network
*How to test for failure to encrypt plain-text into cipher-text in local box
*How to test for failure to clear secrets from memory

Data Access

*How to test for SQL injection
*How to test for improper role access in the database
*How to test against denial of service to SQL servers
*How to test for unnecessary attack surface on SQL servers
*How to test for sensitive database-related error message

Exception Management

*How to test for information disclosure in error messages
*How to test safe exception unwinds in crashes
*How to test for dead code that leads to information disclosure

Sensitive Data

*How to test for sensitive data disclosure on the network
*How to test for sensitive data disclosure on the local machine through static kernel objects (registry, files)
*How to test for sensitive data disclosure through dynamic kernel objects (mutex, events)

Auditing and Logging

*How to test inappropriate access to log files
*How to test for sensitive data disclosure in log files

Other

*How to test for zero-click vulnerabilities
*How to test for one-click vulnerabilities

Return to HomePage

Return to %5bHomePage%5d
----
%21%21 Test Cases Index
%21%21%21 Input/Data Validation
	*How to test for cross site scripting vulnerabilities
	*%5bHow to test for SQL injection vulnerabilities%7cTestCasesSQLInject%5d
	*%5bHow to test for buffer overflow vulnerabilities%7cTestCasesBO%5d
	*How to test for buffer underflow vulnerabilities
	*How to test for integer overflow/underflow vulnerabilities
	*How to test for canonicalization vulnerabilities
	*How to test client-side validation
	*%5bHow to test for format string vulnerabilities%7cTestCasesFormatString%5d
	*How to test for response splitting vulnerabilities
	*How to test for XML injection vulnerabilities
%21%21%21 Authentication
	*How to test for user credential disclosure on the network
	*How to test for user credential disclosure on the local machine
	*How to test for weak passwords
	*How to test for cross-application authentication
	*How to test for HTTP replay vulnerabilities
	*How to test for session hijacking vulnerabilities
	*How to test for Address Resolution Protocol %28ARP%29 spoofing/poisoning
	*How to test for invalid x509 certificates 
	*How to test for invalid Certificates
	*How to test for weak pass-phrases
	*How to test for incorrect order of signature verification
	*How to test for remoting rouge client vulnerability
%21%21%21 Authorization
	*How to test for forceful browsing vulnerabilities
	*How to test for role disclosure on the network
	*How to test for role disclosure on the local machine
	*How to test for incorrect access to protected system files
	*How to test for incorrect access to protected folders
	*How to test for incorrect access to protected network shares
	*How to test for repudiation in authorization
%21%21%21 Encryption
	*How to test for failure to encrypt plain-text into cipher-text in network
	*How to test for failure to encrypt plain-text into cipher-text in local box
	*How to test for failure to clear secrets from memory
%21%21%21 Data Access
	*How to test for SQL injection 
	*How to test for improper role access in the database
	*How to test against denial of service to SQL servers
	*How to test for unnecessary attack surface on SQL servers
	*How to test for sensitive database-related error message
%21%21%21 Exception Management
	*How to test for information disclosure in error messages
	*How to test safe exception unwinds in crashes
	*How to test for dead code that leads to information disclosure
%21%21%21 Sensitive Data
	*How to test for sensitive data disclosure on the network
	*How to test for sensitive data disclosure on the local machine through static kernel objects %28registry%2c files%29
	*How to test for sensitive data disclosure through dynamic kernel objects %28mutex%2c events%29
%21%21%21 Auditing and Logging
	*How to test inappropriate access to log files
	*How to test for sensitive data disclosure in log files
%21%21%21 Other
	*How to test for zero-click vulnerabilities
	*How to test for one-click vulnerabilities
----
Return to %5bHomePage%5d