Open Issues Need Help
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
AI Summary: This GitHub issue points out a misclassification in the WSTG guide, where "Direct Page Request (Forced Browsing)" is currently listed under "Testing for Bypassing Authentication Schema." The author argues that forced browsing isn't always an authentication bypass, as it could simply be accessing an unauthenticated page, which is more akin to information disclosure or access control. The suggestion is to clarify or reclassify this section to improve structural consistency and conceptual accuracy.
AI Summary: Expand the OWASP Web Security Testing Guide's section on testing payment functionality by adding new test cases focusing on real-world business logic flaws such as race conditions, multi-step confirmation vulnerabilities, cart manipulation, and improper source/destination validation in transfers. This involves researching common payment system vulnerabilities, crafting detailed test cases, and contributing the changes via a pull request to the OWASP WSTG GitHub repository.