An organization’s security team is conducting a security review of their web applications to ensure compliance with best practices before deployment. They are currently focusing on testing the authentication mechanisms to prevent future incidents. Which of the following documents would provide the most comprehensive guidance for systematically testing the web applications’ authentication features?
NIST Special Publication 800-53 Security and Privacy Controls
ISO/IEC 27002 Information security controls
The Open Web Application Security Project (OWASP) Testing Guide
The Payment Card Industry Data Security Standard (PCI DSS)
|Incident Response and Management
|Reporting and Communication