Broken Link Analysis

[kingthorin]

Per a recent full run of the link checker, and my manual review. Notes inline with bullets.

---

FILE:./document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/00-Introduction_to_Business_Logic.md [✖] http://softwaretestingfundamentals.com/software-testing-life-cycle/ → Status: 0

• Actually Works

FILE:./document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md [✖] http://tamperevident.cs.rice.edu/Logging.html → Status: 0

• Broken - GitHub repo hasn't been updated in 11 years

FILE:./document/4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver.md [✖] https://searchdns.netcraft.com/?host → Status: 403

• Actually works

FILE:./document/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md [✖] https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html → Status: 404

• Is 404 and excluded from way back machine. Sentence could be removed.

FILE:./document/4-Web_Application_Security_Testing/11-Client-side_Testing/02-Testing_for_JavaScript_Execution.md [✖] http://www.domxss.com/domxss/01_Basics/04_eval.html → Status: 0

• Site seems to be offline, way back content makes me wonder if this was actually a useful resource. (https://web.archive.org/web/20200127032155/http://www.domxss.com/domxss/01_Basics/04_eval.html) In this particular case since the source has been included the link could be removed...

FILE:./document/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md [✖] https://www.contextis.com/media/downloads/Context-Clickjacking_white_paper_2010.pdf → Status: 404

• Couldn't find alternative, 11 years old

[✖] https://media.blackhat.com/bh-eu-10/presentations/Stone/BlackHat-EU-2010-Stone-Next-Generation-Clickjacking-slides.pdf → Status: 0

• Cloudflare 522, 11 years old

FILE:./document/4-Web_Application_Security_Testing/11-Client-side_Testing/08-Testing_for_Cross_Site_Flashing.md [✖] https://labs.adobe.com/technologies/swfinvestigator/ → Status: 404

• Maybe this should be retired since flash is supposedly truely dead now.

FILE:./document/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md [✖] http://www.domxss.com/domxss/01_Basics/06_jquery_old_html.html → Status: 0

• Site seems to be offline. In this particular case since the source has been included the link could be removed...

FILE:./document/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md [✖] http://juerkkil.iki.fi/files/writings/websocket2012.pdf → Status: 0

• 9 years old, could just be dropped.

FILE:./document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration.md [✖] https://support.microsoft.com/en-us/help/325864/how-to-install-and-use-the-iis-lockdown-wizard → Status: 404

• Alternative link: https://docs.microsoft.com/pt-br/security-updates/security/20141735 Tools seems based on Server 2008, we could probably drop this.

FILE:./document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Format_String_Injection.md [✖] https://www.defcon.org/images/defcon-18/dc-18-presentations/Haas/DEFCON-18-Haas-Adv-Format-String-Attacks.pdf → Status: 0

• When I checked this was blocked based on cert from an unknown CA.
• Maybe link to the video of the talk instead? https://www.youtube.com/watch?v=JU2ulb-q0gU

FILE:./document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md [✖] http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ → Status: 404

• Per wayback machine this hasn't been updated since 2011. Should probabaly drop or switch. (https://portswigger.net/web-security/sql-injection/cheat-sheet)

[✖] https://docs.google.com/file/d/0B5CQOTY4YRQCSWRHNkNaaFMyQTA/edit → Status: 404

• Gone

FILE:./document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md [✖] https://dev.mysql.com/doc/refman/8.0/en/server-error-reference.html → Status: 404

• Should be updated to: https://dev.mysql.com/doc/mysql-errors/8.0/en/server-error-reference.html

FILE:./document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md [✖] https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf → Status: 0

• Cloudflare 522. Could link to the video: https://www.youtube.com/watch?v=ZYiTLZGK4AQ but this is 10 years old, just drop it?

[✖] https://php.net/manual/en/mongocollection.find.php → Status: 404

• Still exists in some languages, en seems to have been removed...

FILE:./document/6-Appendix/D-Encoded_Injection.md [✖] https://www.rapidtables.com/code/text/unicode-characters.html → Status: 403

• Actually works

FILE:./document/6-Appendix/B-Suggested_Reading.md [✖] https://www.opensourcetesting.org/category/security/ → Status: 429

• Per wayback machine this seems to have been a low value link anyway. It links to other blogs etc and seems out of date.

[✖] http://www.domxss.com/domxss/ → Status: 0

• Per earlier mentions of this site it seems to be gone.

[kingthorin]

www.domxss.com seems to be working once again.

[kingthorin]

FYI I reported the expired cert on https://softwaretestingfundamentals.com/ and they replied within less than a day that it'd been fixed.