Open Web Application Security
OWASP (Open Web Application Security) Project it is an open community dedicated to dissemination of standards and methodology for security testing to develop, acquire, operate and maintain secure applications.
CSOC 360 it is based on the methodologies developed by OWASP for testing web application security.
Tests conducted by specialists are:
Injection
Loss of authentication and session management
Cross-site scripting XSS
Direct reference insecure objects
Incorrect security settings
Exposure of sensitive data
Lack of access control functions
Counterfeiting cross-site requests CSRF
Using components with known vulnerabilities
Redirects and Forwards unvalidated