The Web Application Test Suite is used for testing web applications. The suite requires a capture from a web browsing session which is then anomalized and driven against the target web application.
Hypertext Transfer Protocol -- HTTP/1.0
Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field
Returning Values from Forms: multipart/form-data
Hypertext Transfer Protocol -- HTTP/1.1
Uniform Resource Identifier (URI): Generic Syntax
The application/json Media Type for JavaScript Object Notation (JSON)
HTTP State Management Mechanism
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
Hypertext Transfer Protocol (HTTP/1.1): Caching
Hypertext Transfer Protocol (HTTP/1.1): Range Requests
Hypertext Transfer Protocol (HTTP/1.1): Authentication
JSON Web Token (JWT)
Hypertext Transfer Protocol Version 2 (HTTP/2)
OAuth 1.0 Protocol
The OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization Framework: Bearer Token Usage
OpenID Authentication 2.0 - Final
Blind LDAP Injection
Blind SQL Injection
CORS misconfiguration
Credentials in Query Strings
Cross-site request forgery
Cross-site scripting
File path traversal injection
Information leakage
LDAP injection in response
Malformed HTTP
Missing cookie attribute
Remote Execution
Session cookie in URL
SQL injection in response
Unexpected data