Manusia Tak Sempurna
Testing for Path Traversal (OWASP-AZ-001)

Many web applications use and manage files as part of their daily operation. Where input validation has not been well designed or deployed, an attacker could exploit the system to read or write files that are not intended to be accessible. In particular situations, it could be possible to execute arbitrary code or system commands.

Stage a: Input Vectors Enumeration (a systematic evaluation of each input vector)
Stage b: Testing Techniques (a methodical evaluation of each attack technique used by an attacker to exploit the vulnerability)
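The check a tester expects the application to perform at each file-handling input vector is canonicalisation followed by containment: resolve the requested name against the intended base directory and refuse anything that lands outside it. The following is an added example, not code from the OWASP guide or from this post; the base directory, file names and request list are constructed for illustration.

```python
import os

class PathTraversalError(ValueError):
    """Raised when a requested path would leave the allowed base directory."""

def resolve_under_base(base_dir: str, requested: str) -> str:
    """Return the canonical absolute path for `requested` if it stays inside base_dir.

    The request is joined to the base, then canonicalised with realpath so that
    '..' segments and symlinks are resolved before the containment check.
    commonpath (rather than startswith) prevents a sibling such as
    /srv/app/files_private from passing as a child of /srv/app/files.
    """
    base = os.path.realpath(base_dir)
    # NUL bytes terminate strings in many C-level file APIs; never pass them on.
    if "\x00" in requested:
        raise PathTraversalError("NUL byte in requested path")
    # os.path.join discards `base` if `requested` is absolute, so an absolute
    # request ends up outside the base and is rejected by the check below.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes base directory: {requested!r}")
    return candidate

def is_safe(base_dir: str, requested: str) -> bool:
    """Boolean form of the check, convenient for test tables."""
    try:
        resolve_under_base(base_dir, requested)
        return True
    except PathTraversalError:
        return False

# Constructed sample inputs covering the usual traversal shapes a tester sends.
BASE = "/srv/app/files"
SAMPLE_REQUESTS = [
    "reports/q1.pdf",                   # ordinary relative name
    "../../etc/passwd",                 # plain dot-dot traversal
    "/etc/passwd",                      # absolute path override
    "reports/../../../etc/passwd",      # traversal hidden after a valid prefix
    "../files_private/secret.txt",      # sibling directory sharing the base prefix
    "reports/q1.pdf\x00.jpg",           # NUL truncation trick
]

def evaluate(requests=SAMPLE_REQUESTS, base_dir=BASE) -> dict:
    """Map each request to True (accepted) or False (rejected)."""
    return {req: is_safe(base_dir, req) for req in requests}

if __name__ == "__main__":
    for req, ok in evaluate().items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {req!r}")
```

Note that this function receives the path after the web layer has URL-decoded it once; double-encoded sequences such as `%252e%252e` must be decoded exactly once before reaching this check, never in a loop, or the check and the file system will disagree about what the name means.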


Testing for bypassing authorization schema (OWASP-AZ-002)

This kind of test focuses on verifying how the authorization schema has been implemented for each role/privilege to get access to reserved functions/resources.


Testing for Privilege Escalation (OWASP-AZ-003)

This section describes the issue of escalating privileges from one stage to another. During this phase, the tester should verify that it is not possible for a user to modify his or her privileges/roles inside the application in ways that could allow privilege escalation attacks.
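Both AZ-002 and AZ-003 come down to one server-side property: the role used for a decision is read from the authenticated session, never from the request, and role changes are themselves an authorised operation. The following is an added example of that enforcement, not code from the OWASP guide or from this post; the users, documents and role ordering are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed role ordering; a higher rank may do everything a lower rank may.
ROLE_RANK = {"user": 1, "manager": 2, "admin": 3}

class AuthorizationError(PermissionError):
    """Raised when the session user is not allowed to perform the action."""

@dataclass
class User:
    user_id: str
    role: str          # authoritative role, stored server-side
    display_name: str

@dataclass
class Document:
    doc_id: str
    owner_id: str
    min_role: str = "user"   # minimum role for non-owners

def can_read(actor: User, doc: Document) -> bool:
    """AZ-002: the owner may read; anyone else needs a sufficient server-side role."""
    if actor.user_id == doc.owner_id:
        return True
    return ROLE_RANK[actor.role] >= ROLE_RANK[doc.min_role]

def read_document(actor: User, docs: dict, doc_id: str) -> Document:
    """Fetch a document by id only after the authorization check passes."""
    doc = docs[doc_id]
    if not can_read(actor, doc):
        raise AuthorizationError(f"{actor.user_id} may not read {doc_id}")
    return doc

ALLOWED_PROFILE_FIELDS = {"display_name", "role"}

def update_profile(actor: User, users: dict, target_id: str, changes: dict) -> User:
    """AZ-003: a user may edit only their own profile, and only an admin may set a role.

    `changes` is the parsed request body. A 'role' key from a non-admin is an
    attempted self-promotion and is rejected rather than silently ignored, so it
    shows up in logs and tests.
    """
    target = users[target_id]
    if actor.user_id != target_id and actor.role != "admin":
        raise AuthorizationError(f"{actor.user_id} may not edit {target_id}")
    unknown = set(changes) - ALLOWED_PROFILE_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    if "role" in changes:
        if actor.role != "admin":
            raise AuthorizationError("role changes require admin")
        if changes["role"] not in ROLE_RANK:
            raise ValueError(f"unknown role: {changes['role']!r}")
        target.role = changes["role"]
    if "display_name" in changes:
        target.display_name = changes["display_name"]
    return target

def sample_data():
    """Constructed fixture: three users, two documents."""
    users = {
        "alice": User("alice", "user", "Alice"),
        "bob": User("bob", "user", "Bob"),
        "carol": User("carol", "manager", "Carol"),
        "dave": User("dave", "admin", "Dave"),
    }
    docs = {
        "d1": Document("d1", owner_id="alice"),
        "d2": Document("d2", owner_id="bob", min_role="manager"),
    }
    return users, docs

if __name__ == "__main__":
    users, docs = sample_data()
    print(read_document(users["alice"], docs, "d1").doc_id)
    try:
        update_profile(users["alice"], users, "alice", {"role": "admin"})
    except AuthorizationError as exc:
        print("blocked:", exc)
```

A tester working through AZ-003 would send exactly the request `update_profile` rejects (a body carrying `role` for the caller's own account); the expected outcome is the explicit denial above, and a stored role that is unchanged afterwards.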

