Input Security Testing
Sections without clickable links at this time are not completed. Check back periodically and more sections will become available.
Input Identification
* Identifying Registry Keys
* Identifying Temporary Files
* Environmental Variables
* Network Traffic
* Identifying Visible User Input Fields
* Third Party Dependencies (3rd party DLLs or libraries)
(List taken from webappsec.org)
Input Vulnerability Types
* Overflow
* Format String
* SQL Injection
* XSS
* Command Execution
* XPath Injection
* LDAP Injection
Common Input Field Types:
This will cover such things as 'what are standard email formats and how will someone try to evade the filter', along with common ways to attack an email field, e.g. user@host.com < /etc/passwd. There is no new material here, just a collection of existing material associated with what a QA person will test.
* Email Filter Evasion Problems
* IP Address Filter Evasion Problems
* Credit Card Formats (VISA, Mastercard, Discover)
* User Names and Passwords
* Addresses