WSTG - v4.1 on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

Check that the WebSocket connection is using TLS to transport sensitive information wss://. Check the HTTPS Implementation for security issues (Valid Certificate, BEAST, CRIME, RC4, …

WebSockets can be used over unencrypted TCP or over encrypted TLS. To use unencrypted WebSockets the ws:// URI scheme is used (default port 80), to use encrypted (TLS) …

This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the …

Apr 12, 2011 · WebSockets do not handle authentication, instead normal application authentication mechanisms apply, such as cookies, HTTP Authentication or TLS authentication.

applica-tions. The Development Guide will show your project how to archi-tect and build a secure application, the Code Review Guide will tell you how to verify the security of your application’s …

OWASP ZAP provides robust support for testing SSL/TLS configurations. Here’s how you can set it up for SSL/TLS testing: Before you can begin testing SSL/TLS configurations, you need to …

PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws. DETECT - These are tools and documents that can be used …

The large number of available cipher suites and quick progress in cryptanalysis makes testing an SSL server a non-trivial task. At the time of writing these criteria are widely recognized as …

Temporary release between 4.2 and 4.3 to attach PDF and ePub. Published here: https://owasp.org/www-project-web-security-testing-guide/v42/ - Add GraphQL API testing …