4.7 Input Validation Testing

4.7.1 Testing for Reflected Cross Site Scripting

4.7.2 Testing for Stored Cross Site Scripting

4.7.3 Testing for HTTP Verb Tampering

4.7.4 Testing for HTTP Parameter Pollution

4.7.5 Testing for SQL Injection

• 4.7.5.1 Testing for Oracle

• 4.7.5.2 Testing for MySQL

• 4.7.5.3 Testing for SQL Server

• 4.7.5.4 Testing PostgreSQL

• 4.7.5.5 Testing for MS Access

• 4.7.5.6 Testing for NoSQL Injection

• 4.7.5.7 Testing for ORM Injection

• 4.7.5.8 Testing for Client-side

4.7.6 Testing for LDAP Injection

4.7.7 Testing for XML Injection

4.7.8 Testing for SSI Injection

4.7.9 Testing for XPath Injection

4.7.10 Testing for IMAP SMTP Injection

4.7.11 Testing for Code Injection

• 4.7.11.1 Testing for Local File Inclusion

• 4.7.11.2 Testing for Remote File Inclusion

4.7.12 Testing for Command Injection

4.7.13 Testing for Format String Injection

4.7.14 Testing for Incubated Vulnerability

4.7.15 Testing for HTTP Splitting Smuggling

4.7.16 Testing for HTTP Incoming Requests

4.7.17 Testing for Host Header Injection

4.7.18 Testing for Server-side Template Injection

4.7.19 Testing for Server-Side Request Forgery