An organization’s security team is conducting a security review of their web applications to ensure compliance with best practices before deployment. They are currently focusing on testing the authentication mechanisms to prevent future incidents. Which of the following documents would provide the most comprehensive guidance for systematically testing the web applications’ authentication features?
ISO/IEC 27002 Information security controls
NIST Special Publication 800-53 Security and Privacy Controls
The Open Web Application Security Project (OWASP) Testing Guide
The Payment Card Industry Data Security Standard (PCI DSS)