search

OWASP / wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
https://owasp.org/www-project-web-security-testing-guide/
Creative Commons Attribution Share Alike 4.0 International
6.91k stars 1.29k forks source link

Add Testing for Sub-domain take over #31

Closed ManhNho closed 5 years ago

ManhNho commented 5 years ago

Hi @MatOwasp,

I just read about NEW TESTS TO WRITE and OWASP testing guide v4. And I did not see any topics about Testing subdomain take over techniques. Can we add a topic about this attacking case?

MatOwasp commented 5 years ago

Hi, I add @kingthorin. @ManhNho what contents would you like to add? Something like this article? https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

ManhNho commented 5 years ago

Yeah, some content about Subdomain takeover techniques. Can I start writing content for this?

ManhNho commented 5 years ago

I suggest that we create an article in Configuration and Deployment Management Testing that talks about how the guide can be used for Sub-domain takeover testing.

kingthorin commented 5 years ago

Seems fine to me.

MatOwasp commented 5 years ago

ok thanks

jzold commented 5 years ago

Hi,

I'm happy to help with this one, just uploaded a draft version to https://github.com/jzold/OWASP-Testing-Guide-v5/blob/master/document/4%20Web%20Application%20Security%20Testing/4.3%20Configuration%20and%20Deployment%20Management%20Testing/4.3.10%20Test%20for%20subdomain%20takeover%20(OTG-CONFIG-010).md

Any feedback is welcome and appreciated :) I'll submit a PR shortly.

J./

kingthorin commented 5 years ago

Closed in https://github.com/OWASP/OWASP-Testing-Guide-v5/pull/58