From 2500ba5696f71222d0b8d76fc72c56424abe7904 Mon Sep 17 00:00:00 2001
From: kingthorin
Date: Sat, 28 Mar 2020 17:05:41 -0400
Subject: [PATCH] Massive Reorg

* README'ify single page sections
* Re-org 0 thru 4.2.x
* chore: chapter 3 filename with hyphens
* chore: update chapter 3 names
* chore: update new chapter 3 names
* chore: update Authentication chapter filenames
* chore: update Authorization chapter filenames
* chore: update SESS chapter filenames
* chore: update INPV chapter filenames
* chore: update ERRH chapter filenames
* chore: update CRYP chapter filenames
* chore: update BUSL chapter filenames
* chore: update CLNT chapter filenames
* chore: update Reporting chapter filenames
* Hyphenate section 2
* Update Template(s) and CONTRIBUTING
* Further Template tweaks so that figure captions make sense
* One last one :wink: :crossed_fingers:
* chore: filename typo info-02
* chore: update main ToC with headers
* chore: url safe "and" instead of "&"
* chore: broken hashstring
* chore: refer to README instead of folder
* chore: add `0` to the left of chapter 1
* chore: main ToC description header numbering -1
* chore: link to chapter READMEs
* chore: INFO readme -> 4.1
* chore: old chap3 to new chap2
* chore: old chap 4 -> new chap 3
* chore: chap 4 numbering update
* chore: old chap 5 -> new chap 4
* chore: old chap 6 new chap 5
* chore: old chap 7 new chap 6
* chore: old chap 8 new chap 7
* chore: old chap 9 new chap 8
* chore: old chap 10 new chap 9
* chore: old chap 11 new chap 10
* chore: old chap 12 new chap 11
* chore: rm header number from checklist list
* chore: add L1 header for Template Readme
* 390 link fixes
* 349 Link fixes
* chore: post-merge issues
* figures and a LDAP-SQLi mess up
* chore: figure numbs chap 1
* last bits

Co-authored-by: Elie Saad
---
 CONTRIBUTING.md | 4 +-
 README.md | 2 +-
 Testing_for_APIs.md | 6 +-
 .../Testing_Checklist.md | 2 +-
 .../0_Foreword.md => 0-Foreword/README.md} | 0
 .../README.md} | 0
 .../images/Owasp_logo_icon.jpg | Bin
 .../images/follow_badge.png | Bin
 .../README.md} | 2 +-
 .../images/640px-UseAndMisuseCase.jpg | Bin
 .../images/ProportionSDLC.png | Bin
 .../images/ProportionTest.png | Bin
 .../images/SDLC.jpg | Bin
 .../images/WindowExposure.jpg | Bin
 .../0-The_OWASP_Testing_Framework.md} | 0
 .../1-Penetration_Testing_Methodologies.md} | 0
 .../images/Typical_SDLC_Testing_Workflow.gif | Bin
 .../0-Introduction_and_Objectives/README.md} | 2 +-
 ...Reconnaissance_for_Information_Leakage.md} | 4 +-
 .../02-Fingerprint_Web_Server.md} | 370 +++++++++---------
 ...rver_Metafiles_for_Information_Leakage.md} | 4 +-
 ...04-Enumerate_Applications_on_Webserver.md} | 4 +-
 ...s_and_Metadata_for_Information_Leakage.md} | 0
 .../06-Identify_Application_Entry_Points.md} | 0
 ...ap_Execution_Paths_Through_Application.md} | 2 +-
 ...-Fingerprint_Web_Application_Framework.md} | 10 +-
 .../09-Fingerprint_Web_Application.md} | 10 +-
 .../10-Map_Application_Architecture.md} | 0
 .../01-Information_Gathering/README.md | 21 +
 .../images/Banshee_bottom_page.png | Bin
 .../images/Cakephp_cookie.png | Bin
 .../images/Drupal_botcha_disclosure.png | Bin
 ...erator_Search_Results_Example_20190828.png | Bin
 ...erator_Search_Results_Example_20190828.png | Bin
 .../images/Httprint.jpg | Bin
 .../Meta_Tag_Example-Facebook-Aug_2013.png | Bin
 .../images/Netcraft2.png | Bin
 .../images/OWASPZAPSP.png | Bin
 .../images/Owasp-Info.jpg | Bin
 .../images/Owasp-wappalyzer.png | Bin
 .../images/Robots-info-disclosure.png | Bin
 .../images/Whatweb-sample.png | Bin
 .../images/Wordpress_dirbusting.png | Bin
 .../images/Zk_html_source.png | Bin
 ...t_Network_Infrastructure_Configuration.md} | 2 +-
 ...est_Application_Platform_Configuration.md} | 0
 ...ons_Handling_for_Sensitive_Information.md} | 2 +-
 ...renced_Files_for_Sensitive_Information.md} | 0
 ...cture_and_Application_Admin_Interfaces.md} | 2 +-
 .../06-Test_HTTP_Methods.md} | 0
 ...07-Test_HTTP_Strict_Transport_Security.md} | 0
 .../08-Test_RIA_Cross_Domain_Policy.md} | 0
 .../09-Test_File_Permission.md} | 0
 .../10-Test_for_Subdomain_Takeover.md} | 4 +-
 .../11-Test_Cloud_Storage.md} | 0
 .../README.md | 23 ++
 .../images/subdomain_takeover_ex1.jpeg | Bin
 .../images/subdomain_takeover_ex2.jpeg | Bin
 .../01-Test_Role_Definitions.md} | 0
 .../02-Test_User_Registration_Process.md} | 4 +-
 .../03-Test_Account_Provisioning_Process.md} | 4 +-
 ...Enumeration_and_Guessable_User_Account.md} | 6 +-
 ...for_Weak_or_Unenforced_Username_Policy.md} | 0
 .../03-Identity_Management_Testing/README.md | 11 +
 .../images/AuthenticationFailed.png | Bin
 .../images/Google_registration_page.jpg | Bin
 .../images/NoConfFound.jpg | Bin
 .../images/Userisnotactive.png | Bin
 .../images/Wordpress_authandusers.png | Bin
 .../images/Wordpress_registration_page.jpg | Bin
 .../images/Wordpress_useradd.png | Bin
 ..._Transported_over_an_Encrypted_Channel.md} | 2 +-
 .../02-Testing_for_Default_Credentials.md} | 4 +-
 ...03-Testing_for_Weak_Lock_Out_Mechanism.md} | 4 +-
 ...ng_for_Bypassing_Authentication_Schema.md} | 12 +-
 ...sting_for_Vulnerable_Remember_Password.md} | 8 +-
 ...6-Testing_for_Browser_Cache_Weaknesses.md} | 0
 .../07-Testing_for_Weak_Password_Policy.md} | 0
 ...ting_for_Weak_Security_Question_Answer.md} | 6 +-
 ...ssword_Change_or_Reset_Functionalities.md} | 6 +-
 ..._Authentication_in_Alternative_Channel.md} | 0
 .../04-Authentication_Testing/README.md | 21 +
 .../images/Basm-directreq.jpg | Bin
 .../images/Basm-parammod.jpg | Bin
 .../images/Basm-sessid.jpg | Bin
 .../images/Basm-sessid2.jpg | Bin
 .../images/Basm-sqlinj.jpg | Bin
 .../images/Basm-sqlinj2.gif | Bin
 ...sting_Directory_Traversal_File_Include.md} | 0
 ...ing_for_Bypassing_Authorization_Schema.md} | 0
 .../03-Testing_for_Privilege_Escalation.md} | 0
 ..._for_Insecure_Direct_Object_References.md} | 2 +-
 .../05-Authorization_Testing/README.md | 9 +
 ...-Testing_for_Session_Management_Schema.md} | 3 +-
 .../02-Testing_for_Cookies_Attributes.md} | 260 ++++++------
 .../03-Testing_for_Session_Fixation.md} | 0
 ...-Testing_for_Exposed_Session_Variables.md} | 0
 .../05-Testing_for_CSRF.md} | 6 +-
 .../06-Testing_for_Logout_Functionality.md} | 0
 .../07-Testing_Session_Timeout.md} | 2 +-
 .../08-Testing_for_Session_Puzzling.md} | 0
 .../06-Session_Management_Testing/README.md | 17 +
 .../Session_Riding_Firewall_Management.gif | Bin
 .../Session_Riding_Firewall_Management_2.gif | Bin
 .../images/Session_riding.GIF | Bin
 ...ing_for_Reflected_Cross_Site_Scripting.md} | 8 +-
 ...esting_for_Stored_Cross_Site_Scripting.md} | 10 +-
 .../03-Testing_for_HTTP_Verb_Tampering.md} | 2 +-
 ...4-Testing_for_HTTP_Parameter_Pollution.md} | 0
 .../05-Testing_for_SQL_Injection.md} | 0
 .../05.1-Testing_for_Oracle.md} | 0
 .../05.2-Testing_for_MySQL.md} | 2 +-
 .../05.3-Testing_for_SQL_Server.md} | 2 +-
 .../05.4-Testing_PostgreSQL.md} | 2 +-
 .../05.5-Testing_for_MS_Access.md} | 0
 .../05.6-Testing_for_NoSQL_Injection.md} | 2 +-
 .../05.7_Testing_for_ORM_Injection.md} | 4 +-
 .../05.8-Testing_for_Client_Side.md} | 4 +-
 .../06-Testing_for_LDAP_Injection.md} | 0
 .../07-Testing_for_XML_Injection.md} | 0
 .../08-Testing_for_SSI_Injection.md} | 0
 .../09-Testing_for_XPath_Injection.md} | 2 +-
 .../10-Testing_for_IMAP_SMTP_Injection.md} | 2 +-
 .../11-Testing_for_Code_Injection.md} | 0
 .../11.1-Testing_for_Local_File_Inclusion.md} | 0
 ...11.2-Testing_for_Remote_File_Inclusion.md} | 0
 .../12-Testing_for_Command_Injection.md} | 0
 .../13-Testing_for_Buffer_Overflow.md} | 6 +-
 .../13.1-Testing_for_Heap_Overflow.md} | 2 +-
 .../13.2-Testing_for_Stack_Overflow.md} | 4 +-
 .../13.3-Testing_for_Format_String.md} | 0
 ...14-Testing_for_Incubated_Vulnerability.md} | 4 +-
 ...5-Testing_for_HTTP_Splitting_Smuggling.md} | 0
 .../16-Testing_for_HTTP_Incoming_Requests.md} | 0
 .../17-Testing_for_Host_Header_Injection.md} | 0
 ...ing_for_Server_Side_Template_Injection.md} | 2 +-
 .../07-Input_Validation_Testing/README.md | 63 +++
 .../images/Alert.png | Bin
 .../images/Heap_overflow_vulnerability.gif | Bin
 .../images/Imap-smtp-injection.png | Bin
 .../images/OPTIONS_verb_tampering.png | Bin
 .../images/RubyBeef.png | Bin
 .../images/SSTI_XVWA.jpeg | Bin
 .../images/Stack_overflow_vulnerability.gif | Bin
 .../images/Stack_overflow_vulnerability_2.gif | Bin
 .../images/Stored_input_example.jpg | Bin
 .../images/Stored_xss_example.jpg | Bin
 .../images/XSS_Example1.png | Bin
 .../images/XSS_Example2.png | Bin
 .../01-Testing_for_Error_Code.md} | 6 +-
 .../02-Testing_for_Stack_Traces.md} | 0
 .../08-Testing_for_Error_Handling/README.md | 5 +
 ...nsufficient_Transport_Layer_Protection.md} | 18 +-
 .../02-Testing_for_Padding_Oracle.md} | 0
 ...ormation_Sent_via_Unencrypted_Channels.md} | 4 +-
 .../04-Testing_for_Weak_Encryption.md} | 0
 .../README.md | 9 +
 ...icate_Validity_Testing_Firefox_Warning.gif | Bin
 ...ertificate_Validity_Testing_IE_Warning.gif | Bin
 .../0-Introduction_to_Business_Logic.md} | 2 +-
 ...01-Test_Business_Logic_Data_Validation.md} | 8 +-
 .../02-Test_Ability_to_Forge_Requests.md} | 6 +-
 .../03-Test_Integrity_Checks.md} | 2 +-
 .../04-Test_for_Process_Timing.md} | 4 +-
 ...of_Times_a_Function_Can_Be_Used_Limits.md} | 4 +-
 ...ng_for_the_Circumvention_of_Work_Flows.md} | 22 +-
 ...st_Defenses_Against_Application_Misuse.md} | 0
 ...8-Test_Upload_of_Unexpected_File_Types.md} | 4 +-
 .../09-Test_Upload_of_Malicious_Files.md} | 4 +-
 .../10-Business_Logic_Testing/README.md | 21 +
 ...ing_for_DOM-based_Cross_Site_Scripting.md} | 0
 .../02-Testing_for_JavaScript_Execution.md} | 0
 .../03-Testing_for_HTML_Injection.md} | 0
 ...4-Testing_for_Client_Side_URL_Redirect.md} | 0
 .../05-Testing_for_CSS_Injection.md} | 0
 ..._for_Client_Side_Resource_Manipulation.md} | 0
 ...-Testing_Cross_Origin_Resource_Sharing.md} | 0
 .../08-Testing_for_Cross_Site_Flashing.md} | 0
 .../09-Testing_for_Clickjacking.md} | 12 +-
 .../10-Testing_WebSockets.md} | 8 +-
 .../11-Testing_Web_Messaging.md} | 0
 .../12-Testing_Web_Storage.md} | 6 +-
 ...esting_for_Cross_Site_Script_Inclusion.md} | 0
 .../11-Client_Side_Testing/README.md | 27 ++
 .../images/Clickjacking_description.png | Bin
 .../Clickjacking_example_malicious_page_1.png | Bin
 .../Clickjacking_example_malicious_page_2.png | Bin
 .../Clickjacking_example_malicious_page_3.png | Bin
 .../images/Clickjacking_example_step2.png | Bin
 .../images/Masked_iframe.png | Bin
 .../images/OWASP_ZAP_WebSockets.png | Bin
 .../images/Storage-xss.png | Bin 0 -> 53311 bytes
 .../images/WebSocket_Client.png | Bin
 .../11-Client_Side_Testing}/images/XSSI1.jpeg | Bin
 .../README.md | 25 ++
 .../README.md | 9 -
 .../4.11_Business_Logic_Testing/README.md | 21 -
 .../4.12_Client_Side_Testing/README.md | 27 --
 .../4.1_Introduction_and_Objectives/README.md | 5 -
 .../4.2_Information_Gathering/README.md | 21 -
 .../README.md | 23 --
 .../4.4_Identity_Management_Testing/README.md | 11 -
 .../4.5_Authentication_Testing/README.md | 21 -
 .../4.6_Authorization_Testing/README.md | 9 -
 .../4.7_Session_Management_Testing/README.md | 17 -
 .../4.8_Input_Validation_Testing/README.md | 59 ---
 .../4.9_Testing_for_Error_Handling/README.md | 5 -
 .../README.md | 25 --
 .../5_Reporting.md => 5-Reporting/README.md} | 0
 .../{Appx.A_Testing_Tools.md => README.md} | 0
 ...{Appx.B_Suggested_Reading.md => README.md} | 0
 .../{Appx.C_Fuzz_Vectors.md => README.md} | 10 +-
 ...{Appx.D_Encoded_Injection.md => README.md} | 0
 .../{Appx.E_History.md => README.md} | 0
 document/README.md | 300 +++++++-------
 style_guide.md | 2 +-
 .../1-Testing_for_a_Cat_in_a_Box.md} | 4 +
 .../2-Template_Explanation.md} | 21 +-
 template/{ => 999-Foo_Testing}/images/box.jpg | Bin
 .../images/ghz-state.svg | 0
 template/README.md | 3 +
 221 files changed, 894 insertions(+), 880 deletions(-)
 rename document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.1_Testing_Checklist.md => checklist/Testing_Checklist.md (99%)
 rename document/{0_Foreword/0_Foreword.md => 0-Foreword/README.md} (100%)
 rename document/{1_Frontispiece/1_Frontispiece.md => 1-Frontispiece/README.md} (100%)
 rename document/{1_Frontispiece => 1-Frontispiece}/images/Owasp_logo_icon.jpg (100%)
 rename document/{1_Frontispiece => 1-Frontispiece}/images/follow_badge.png (100%)
 rename document/{2_Introduction/2_Introduction.md => 2-Introduction/README.md} (99%)
 rename document/{2_Introduction => 2-Introduction}/images/640px-UseAndMisuseCase.jpg (100%)
 rename document/{2_Introduction => 2-Introduction}/images/ProportionSDLC.png (100%)
 rename document/{2_Introduction => 2-Introduction}/images/ProportionTest.png (100%)
 rename document/{2_Introduction => 2-Introduction}/images/SDLC.jpg (100%)
 rename document/{2_Introduction => 2-Introduction}/images/WindowExposure.jpg (100%)
 rename document/{3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md => 3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md} (100%)
 rename document/{3_The_OWASP_Testing_Framework/3.8_Penetration_Testing_Methodologies.md => 3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md} (100%)
 rename document/{3_The_OWASP_Testing_Framework => 3-The_OWASP_Testing_Framework}/images/Typical_SDLC_Testing_Workflow.gif (100%)
 rename document/{4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.0_Introduction_and_Objectives.md => 4-Web_Application_Security_Testing/0-Introduction_and_Objectives/README.md} (97%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md => 4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.2_Fingerprint_Web_Server.md => 4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md} (97%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.3_Review_Webserver_Metafiles_for_Information_Leakage.md => 4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md} (97%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.4_Enumerate_Applications_on_Webserver.md => 4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md => 4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.6_Identify_Application_Entry_Points.md => 4-Web_Application_Security_Testing/01-Information_Gathering/06-Identify_Application_Entry_Points.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.7_Map_Execution_Paths_Through_Application.md => 4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.8_Fingerprint_Web_Application_Framework.md => 4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.9_Fingerprint_Web_Application.md => 4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.10_Map_Application_Architecture.md => 4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md} (100%)
 create mode 100644 document/4-Web_Application_Security_Testing/01-Information_Gathering/README.md
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Banshee_bottom_page.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Cakephp_cookie.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Drupal_botcha_disclosure.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Google_cache_Operator_Search_Results_Example_20190828.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Google_site_Operator_Search_Results_Example_20190828.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Httprint.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Meta_Tag_Example-Facebook-Aug_2013.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Netcraft2.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/OWASPZAPSP.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Owasp-Info.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Owasp-wappalyzer.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Robots-info-disclosure.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Whatweb-sample.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Wordpress_dirbusting.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.2_Information_Gathering => 4-Web_Application_Security_Testing/01-Information_Gathering}/images/Zk_html_source.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md} (97%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.2_Test_Application_Platform_Configuration.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.6_Test_HTTP_Methods.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.8_Test_RIA_Cross_Domain_Policy.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.9_Test_File_Permission.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission.md} (100%)
 mode change 100755 => 100644
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.10_Test_for_Subdomain_Takeover.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.11_Test_Cloud_Storage.md => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/11-Test_Cloud_Storage.md} (100%)
 mode change 100755 => 100644
 create mode 100644 document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing}/images/subdomain_takeover_ex1.jpeg (100%)
 rename document/{4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing => 4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing}/images/subdomain_takeover_ex2.jpeg (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.1_Test_Role_Definitions.md => 4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.2_Test_User_Registration_Process.md => 4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process.md} (96%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.3_Test_Account_Provisioning_Process.md => 4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md => 4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy.md => 4-Web_Application_Security_Testing/03-Identity_Management_Testing/05-Testing_for_Weak_or_Unenforced_Username_Policy.md} (100%)
 create mode 100644 document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/AuthenticationFailed.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/Google_registration_page.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/NoConfFound.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/Userisnotactive.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/Wordpress_authandusers.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/Wordpress_registration_page.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.4_Identity_Management_Testing => 4-Web_Application_Security_Testing/03-Identity_Management_Testing}/images/Wordpress_useradd.png (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.2_Testing_for_Default_Credentials.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md} (97%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.4_Testing_for_Bypassing_Authentication_Schema.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md} (96%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.5_Testing_for_Vulnerable_Remember_Password.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md} (74%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.6_Testing_for_Browser_Cache_Weaknesses.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.7_Testing_for_Weak_Password_Policy.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.8_Testing_for_Weak_Security_Question_Answer.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md} (89%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md} (93%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel.md => 4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md} (100%)
 create mode 100644 document/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing => 4-Web_Application_Security_Testing/04-Authentication_Testing}/images/Basm-directreq.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing => 4-Web_Application_Security_Testing/04-Authentication_Testing}/images/Basm-parammod.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing => 4-Web_Application_Security_Testing/04-Authentication_Testing}/images/Basm-sessid.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing => 4-Web_Application_Security_Testing/04-Authentication_Testing}/images/Basm-sessid2.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing => 4-Web_Application_Security_Testing/04-Authentication_Testing}/images/Basm-sqlinj.jpg (100%)
 rename document/{4_Web_Application_Security_Testing/4.5_Authentication_Testing => 4-Web_Application_Security_Testing/04-Authentication_Testing}/images/Basm-sqlinj2.gif (100%)
 rename document/{4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.1_Testing_Directory_Traversal_File_Include.md => 4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.2_Testing_for_Bypassing_Authorization_Schema.md => 4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.3_Testing_for_Privilege_Escalation.md => 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md => 4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md} (98%)
 create mode 100644 document/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.3_Testing_for_Session_Fixation.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.4_Testing_for_Exposed_Session_Variables.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_CSRF.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.6_Testing_for_Logout_Functionality.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/06-Testing_for_Logout_Functionality.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.8_Testing_for_Session_Puzzling.md => 4-Web_Application_Security_Testing/06-Session_Management_Testing/08-Testing_for_Session_Puzzling.md} (100%)
 create mode 100644 document/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing => 4-Web_Application_Security_Testing/06-Session_Management_Testing}/images/Session_Riding_Firewall_Management.gif (100%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing => 4-Web_Application_Security_Testing/06-Session_Management_Testing}/images/Session_Riding_Firewall_Management_2.gif (100%)
 rename document/{4_Web_Application_Security_Testing/4.7_Session_Management_Testing => 4-Web_Application_Security_Testing/06-Session_Management_Testing}/images/Session_riding.GIF (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.2_Testing_for_Stored_Cross_Site_Scripting.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.3_Testing_for_HTTP_Verb_Tampering.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.4_Testing_for_HTTP_Parameter_Pollution.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.1_Testing_for_Oracle.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.2_Testing_for_MySQL.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.3_Testing_for_SQL_Server.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.4_Testing_PostgreSQL.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.5_Testing_for_MS_Access.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.6_Testing_for_NoSQL_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md} (95%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.7_Testing_for_ORM_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7_Testing_for_ORM_Injection.md} (92%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.8_Testing_for_Client-Side.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md} (94%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.6_Testing_for_LDAP_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.8_Testing_for_XML_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.9_Testing_for_SSI_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.10_Testing_for_XPath_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md} (98%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.11_Testing_for_IMAP_SMTP_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md} (99%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12_Testing_for_Code_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.1_Testing_for_Local_File_Inclusion.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.2_Testing_for_Remote_File_Inclusion.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.md} (100%)
 rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.13_Testing_for_Command_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md} (100%)
 rename 
document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14_Testing_for_Buffer_Overflow.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md} (75%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.1_Testing_for_Heap_Overflow.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.1-Testing_for_Heap_Overflow.md} (99%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.2_Testing_for_Stack_Overflow.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow.md} (98%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.3_Testing_for_Format_String.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.3-Testing_for_Format_String.md} (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.15_Testing_for_Incubated_Vulnerability.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md} (89%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.16_Testing_for_HTTP_Splitting_Smuggling.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md} (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.17_Testing_for_HTTP_Incoming_Requests.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md} (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.18_Testing_for_Host_Header_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md} (100%) rename 
document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.19_Testing_for_Server_Side_Template_Injection.md => 4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md} (99%) create mode 100644 document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Alert.png (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Heap_overflow_vulnerability.gif (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Imap-smtp-injection.png (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/OPTIONS_verb_tampering.png (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/RubyBeef.png (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/SSTI_XVWA.jpeg (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Stack_overflow_vulnerability.gif (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Stack_overflow_vulnerability_2.gif (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 
4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Stored_input_example.jpg (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/Stored_xss_example.jpg (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/XSS_Example1.png (100%) rename document/{4_Web_Application_Security_Testing/4.8_Input_Validation_Testing => 4-Web_Application_Security_Testing/07-Input_Validation_Testing}/images/XSS_Example2.png (100%) rename document/{4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.1_Testing_for_Error_Code.md => 4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md} (97%) rename document/{4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.2_Testing_for_Stack_Traces.md => 4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md} (100%) create mode 100644 document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md rename document/{4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md => 4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md} (96%) rename document/{4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.2_Testing_for_Padding_Oracle.md => 4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle.md} (100%) rename document/{4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md => 
4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md} (93%) rename document/{4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.4_Testing_for_Weak_Encryption.md => 4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption.md} (100%) create mode 100644 document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md rename document/{4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography => 4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography}/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif (100%) rename document/{4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography => 4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography}/images/SSL_Certificate_Validity_Testing_IE_Warning.gif (100%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.0_Introduction_to_Business_Logic.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/0-Introduction_to_Business_Logic.md} (99%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.1_Test_Business_Logic_Data_Validation.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md} (92%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.2_Test_Ability_to_Forge_Requests.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests.md} (94%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.3_Test_Integrity_Checks.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md} (98%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.4_Test_for_Process_Timing.md => 
4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md} (94%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md} (93%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.6_Testing_for_the_Circumvention_of_Work_Flows.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows.md} (82%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.7_Test_Defenses_Against_Application_Misuse.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/07-Test_Defenses_Against_Application_Misuse.md} (100%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.8_Test_Upload_of_Unexpected_File_Types.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types.md} (94%) rename document/{4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.9_Test_Upload_of_Malicious_Files.md => 4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files.md} (96%) create mode 100644 document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.1_Testing_for_DOM-based_Cross_Site_Scripting.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.2_Testing_for_JavaScript_Execution.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/02-Testing_for_JavaScript_Execution.md} (100%) rename 
document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.3_Testing_for_HTML_Injection.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/03-Testing_for_HTML_Injection.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.4_Testing_for_Client_Side_URL_Redirect.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.5_Testing_for_CSS_Injection.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/05-Testing_for_CSS_Injection.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.6_Testing_for_Client_Side_Resource_Manipulation.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/06-Testing_for_Client_Side_Resource_Manipulation.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.7_Testing_Cross_Origin_Resource_Sharing.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/07-Testing_Cross_Origin_Resource_Sharing.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.8_Testing_for_Cross_Site_Flashing.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/08-Testing_for_Cross_Site_Flashing.md} (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md} (98%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.10_Testing_WebSockets.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md} (93%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.11_Testing_Web_Messaging.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/11-Testing_Web_Messaging.md} (100%) 
rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Web_Storage.md} (93%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion.md => 4-Web_Application_Security_Testing/11-Client_Side_Testing/13-Testing_for_Cross_Site_Script_Inclusion.md} (100%) create mode 100644 document/4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/Clickjacking_description.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/Clickjacking_example_malicious_page_1.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/Clickjacking_example_malicious_page_2.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/Clickjacking_example_malicious_page_3.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/Clickjacking_example_step2.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/Masked_iframe.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/OWASP_ZAP_WebSockets.png (100%) create mode 100644 document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Storage-xss.png rename 
document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/WebSocket_Client.png (100%) rename document/{4_Web_Application_Security_Testing/4.12_Client_Side_Testing => 4-Web_Application_Security_Testing/11-Client_Side_Testing}/images/XSSI1.jpeg (100%) create mode 100644 document/4-Web_Application_Security_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.2_Information_Gathering/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/README.md delete mode 100644 document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/README.md delete mode 100644 document/4_Web_Application_Security_Testing/README.md rename document/{5_Reporting/5_Reporting.md => 5-Reporting/README.md} (100%) rename document/Appx.A_Testing_Tools_Resource/{Appx.A_Testing_Tools.md => README.md} (100%) rename document/Appx.B_Suggested_Reading/{Appx.B_Suggested_Reading.md => README.md} (100%) rename 
document/Appx.C_Fuzz_Vectors/{Appx.C_Fuzz_Vectors.md => README.md} (94%) rename document/Appx.D_Encoded_Injection/{Appx.D_Encoded_Injection.md => README.md} (100%) rename document/Appx.E_Misc/{Appx.E_History.md => README.md} (100%) rename template/{999.1_Testing_for_a_Cat_in_a_Box_WSTG-FOO-001.md => 999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md} (98%) rename template/{999.2_Template_Explanation_WSTG-FOO-002.md => 999-Foo_Testing/2-Template_Explanation.md} (72%) rename template/{ => 999-Foo_Testing}/images/box.jpg (100%) rename template/{ => 999-Foo_Testing}/images/ghz-state.svg (100%) create mode 100644 template/README.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9e01b37047..6d30a20151 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -17,7 +17,7 @@ Here are some ways you can make a helpful contribution. The [Open Source Guide f This project would not be possible without the contributions of writers in the security community! Our authors help to keep the WSTG relevant and useful for everyone. -Whether you are submitting a new section or adding information to an existing one, please follow the [template example](template/999.1_Testing_for_a_Cat_in_a_Box_WSTG-FOO-001.md). The [template sections are explained here](template/999.2_Template_Explanation_WSTG-FOO-002.md). +Whether you are submitting a new section or adding information to an existing one, please follow the [template example](template/999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md). The [template sections are explained here](template/999-Foo_Testing/2-Template_Explanation.md). When submitting your [pull request](#how-to-submit-a-pull-request), authors should link contributions to an issue: 
@@ -72,7 +72,7 @@ To increase the chances that your PR is merged, please make sure that: 3. Your writing follows the [article template materials](template) and [style guide](style_guide.md). 4. Your code snippets are correct, well-tested, and commented where necessary for understanding. -Once the PR is complete, we'll merge it! At that point, you may like to add yourself to [the project's list of authors, reviewers, or editors](document/1_Frontispiece/1_Frontispiece.md). +Once the PR is complete, we'll merge it! At that point, you may like to add yourself to [the project's list of authors, reviewers, or editors](document/1-Frontispiece/README.md). ## How to Set Up Your Contributor Environment diff --git a/README.md b/README.md index 0987c7d2d0..d12e7a1aa8 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ This project is only possible thanks to the work of many dedicated volunteers. E To learn how to contribute successfully, read the [contribution guide](CONTRIBUTING.md). -Successful contributors appear on [the project's list of authors, reviewers, or editors](document/1_Frontispiece/1_Frontispiece.md). +Successful contributors appear on [the project's list of authors, reviewers, or editors](document/1-Frontispiece/README.md). ## Chat With Us diff --git a/Testing_for_APIs.md b/Testing_for_APIs.md index d9fa8d4e8f..4cb6f5fc63 100644 --- a/Testing_for_APIs.md +++ b/Testing_for_APIs.md 
@@ -133,9 +133,9 @@ In case of weak secret value, this will bruteforce the secret. ## Related Test Cases -- [IDOR](https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md) -- [Privilege escalation](https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.3_Testing_for_Privilege_Escalation.md) -- All [Session Management](https://github.com/OWASP/OWASP-Testing-Guide-v5/tree/master/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing) test cases +- [IDOR](https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md) +- [Privilege escalation](https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md) +- All [Session Management](https://github.com/OWASP/OWASP-Testing-Guide-v5/tree/master/document/4-Web_Application_Security_Testing/06-Session_Management_Testing) test cases ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.1_Testing_Checklist.md b/checklist/Testing_Checklist.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.1_Testing_Checklist.md rename to checklist/Testing_Checklist.md index 7b53e52cc8..892d7ddeee 100644 --- a/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.1_Testing_Checklist.md +++ b/checklist/Testing_Checklist.md @@ -1,4 +1,4 @@ -# 4.1.1 Testing Checklist +# Testing Checklist The following is the list of controls to test during the assessment: 
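Review bot: the three rewritten links in `Testing_for_APIs.md` are absolute `https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/...` URLs, so they will silently break again on the next rename or repository move, and a relative-link checker cannot validate them. Since the targets live in this same repository, prefer repository-relative paths such as `document/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md`, which is the form this same PR already uses for the updated links in `CONTRIBUTING.md` and `README.md`.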
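Review bot: moving `4.1.1_Testing_Checklist.md` out of `document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/` to the top-level `checklist/Testing_Checklist.md` changes where every relative link inside it resolves, yet the only hunk shown for the file is the heading change (`-# 4.1.1 Testing Checklist` / `+# Testing Checklist`) at 99% similarity. If the checklist references test-case pages by relative path, those links now need to be rewritten from the new location (and the dropped `4.1.1` prefix also changes the anchor generated for the heading, so anything linking to the old heading needs updating). Run the link checker against `checklist/` before merging.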
diff --git a/document/0_Foreword/0_Foreword.md b/document/0-Foreword/README.md similarity index 100% rename from document/0_Foreword/0_Foreword.md rename to document/0-Foreword/README.md diff --git a/document/1_Frontispiece/1_Frontispiece.md b/document/1-Frontispiece/README.md similarity index 100% rename from document/1_Frontispiece/1_Frontispiece.md rename to document/1-Frontispiece/README.md diff --git a/document/1_Frontispiece/images/Owasp_logo_icon.jpg b/document/1-Frontispiece/images/Owasp_logo_icon.jpg similarity index 100% rename from document/1_Frontispiece/images/Owasp_logo_icon.jpg rename to document/1-Frontispiece/images/Owasp_logo_icon.jpg diff --git a/document/1_Frontispiece/images/follow_badge.png b/document/1-Frontispiece/images/follow_badge.png similarity index 100% rename from document/1_Frontispiece/images/follow_badge.png rename to document/1-Frontispiece/images/follow_badge.png diff --git a/document/2_Introduction/2_Introduction.md b/document/2-Introduction/README.md similarity index 99% rename from document/2_Introduction/2_Introduction.md rename to document/2-Introduction/README.md index 83be198cd3..291a64b00a 100644 --- a/document/2_Introduction/2_Introduction.md +++ b/document/2-Introduction/README.md @@ -148,7 +148,7 @@ This section presents a high-level overview of various testing techniques that c - Code Review - Penetration Testing -## Manual Inspections & Reviews +## Manual Inspections and Reviews ### Overview diff --git a/document/2_Introduction/images/640px-UseAndMisuseCase.jpg b/document/2-Introduction/images/640px-UseAndMisuseCase.jpg similarity index 100% rename from document/2_Introduction/images/640px-UseAndMisuseCase.jpg rename to document/2-Introduction/images/640px-UseAndMisuseCase.jpg 
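Review bot: renaming the heading `## Manual Inspections & Reviews` to `## Manual Inspections and Reviews` changes the fragment anchor generated for it, so any existing link to the old anchor (from the chapter ToC or other sections) will stop resolving. The hunk touches only the heading, not its references; grep for links to the old anchor and update them in this same PR so the "url safe" change does not leave dangling fragments.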
diff --git a/document/2_Introduction/images/ProportionSDLC.png b/document/2-Introduction/images/ProportionSDLC.png similarity index 100% rename from document/2_Introduction/images/ProportionSDLC.png rename to document/2-Introduction/images/ProportionSDLC.png diff --git a/document/2_Introduction/images/ProportionTest.png b/document/2-Introduction/images/ProportionTest.png similarity index 100% rename from document/2_Introduction/images/ProportionTest.png rename to document/2-Introduction/images/ProportionTest.png diff --git a/document/2_Introduction/images/SDLC.jpg b/document/2-Introduction/images/SDLC.jpg similarity index 100% rename from document/2_Introduction/images/SDLC.jpg rename to document/2-Introduction/images/SDLC.jpg diff --git a/document/2_Introduction/images/WindowExposure.jpg b/document/2-Introduction/images/WindowExposure.jpg similarity index 100% rename from document/2_Introduction/images/WindowExposure.jpg rename to document/2-Introduction/images/WindowExposure.jpg diff --git a/document/3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md b/document/3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md similarity index 100% rename from document/3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md rename to document/3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md diff --git a/document/3_The_OWASP_Testing_Framework/3.8_Penetration_Testing_Methodologies.md b/document/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md similarity index 100% rename from document/3_The_OWASP_Testing_Framework/3.8_Penetration_Testing_Methodologies.md rename to document/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md 
diff --git a/document/3_The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif b/document/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif similarity index 100% rename from document/3_The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif rename to document/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif diff --git a/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.0_Introduction_and_Objectives.md b/document/4-Web_Application_Security_Testing/0-Introduction_and_Objectives/README.md similarity index 97% rename from document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.0_Introduction_and_Objectives.md rename to document/4-Web_Application_Security_Testing/0-Introduction_and_Objectives/README.md index 0d092f98d5..c025904ed0 100644 --- a/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.0_Introduction_and_Objectives.md +++ b/document/4-Web_Application_Security_Testing/0-Introduction_and_Objectives/README.md 
@@ -48,7 +48,7 @@ Testing can be categorized as passive or active: ### Passive Testing -During passive testing, a tester tries to understand the application's logic and explores the application as a user. Tools can be used for information gathering. For example, an HTTP proxy can be used to observe all the HTTP requests and responses. At the end of this phase, the tester should understand all the access points (*gates*) of the application (e.g., HTTP headers, parameters, and cookies). The [Information Gathering](../4.2_Information_Gathering/README.md) section explains how to perform passive testing. +During passive testing, a tester tries to understand the application's logic and explores the application as a user. Tools can be used for information gathering. For example, an HTTP proxy can be used to observe all the HTTP requests and responses. At the end of this phase, the tester should understand all the access points (*gates*) of the application (e.g., HTTP headers, parameters, and cookies). The [Information Gathering](../01-Information_Gathering/README.md) section explains how to perform passive testing. For example, a tester may find a page at the following URL: diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md index 3c0401df16..e26c1e7c97 100644 
--- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md @@ -57,7 +57,7 @@ For example, to find the web content of owasp.org as indexed by a typical search `site:owasp.org` ![Google Site Operation Search Result Example](images/Google_site_Operator_Search_Results_Example_20190828.png)\ -*Figure 4.2.1-1: Google Site Operation Search Result Example* +*Figure 4.1.1-1: Google Site Operation Search Result Example* ### Viewing Cached Content @@ -68,7 +68,7 @@ To view owasp.org as it is cached, the syntax is: `cache:owasp.org` ![Google Cache Operation Search Result Example](images/Google_cache_Operator_Search_Results_Example_20190828.png)\ -*Figure 4.2.1-2: Google Cache Operation Search Result Example* +*Figure 4.1.1-2: Google Cache Operation Search Result Example* ### Google Hacking, or Dorking diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.2_Fingerprint_Web_Server.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md similarity index 97% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.2_Fingerprint_Web_Server.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md index 289a42224a..ec2879f77e 100644 --- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.2_Fingerprint_Web_Server.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md 
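Review bot: the hunk for `02-Fingerprint_Web_Server.md` is `@@ -1,185 +1,185 @@`, with every one of the 185 lines deleted and re-added while the header reports a similarity of 97%; that is the signature of a line-ending or trailing-whitespace change rather than a content edit, and it hides whatever real changes were made to this file (the rename itself is already recorded in the `rename from` / `rename to` header). Please confirm with `git diff -w` (or `git diff --ignore-space-at-eol`) that the content is otherwise unchanged, and if line endings were normalised, commit that normalisation on its own so the reviewable diff for this file is only the path and figure-number updates. Separately, the removed lines fence the HTTP response samples as `sh`; if they come back unchanged, tagging them `http` would be more accurate for highlighting.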
@@ -1,185 +1,185 @@ -# Fingerprint Web Server - -|ID | -|-------------| -|WSTG-INFO-002| - -## Summary - -Web server fingerprinting is the task of identifying the type and version of web server that a target is running on. While web server fingerprinting is often encapsulated in automated testing tools, it is important for researchers to understand the fundamentals of how these tools attempt to identify software, and why this is useful. - -Accurately discovering the type of web server that an application runs on can enable security testers to determine if the application is vulnerable to attack. In particular, servers running older versions of software without up-to-date security patches can be susceptible to known version-specific exploits. - -## Test Objectives - -Determine the version and type of a running web server to enable further discovery of any known vulnerabilities. - -## How to Test - -Techniques used for web server fingerprinting include [banner grabbing](https://en.wikipedia.org/wiki/Banner_grabbing), eliciting responses to malformed requests, and using automated tools to perform more robust scans that use a combination of tactics. The fundamental premise by which all these techniques operate is the same. They all strive to elicit some response from the web server which can then be compared to a database of known responses and behaviors, and thus matched to a known server type. - -### Banner Grabbing - -A banner grab is performed by sending an HTTP request to the web server and examining its [response header](https://developer.mozilla.org/en-US/docs/Glossary/Response_header). This can be accomplished using a variety of tools, including `telnet` for HTTP requests, or `openssl` for requests over SSL. - -For example, here is the response to a request from an Apache server. 
- -```sh -HTTP/1.1 200 OK -Date: Thu, 05 Sep 2019 17:42:39 GMT -Server: Apache/2.4.41 (Unix) -Last-Modified: Thu, 05 Sep 2019 17:40:42 GMT -ETag: "75-591d1d21b6167" -Accept-Ranges: bytes -Content-Length: 117 -Connection: close -Content-Type: text/html -... -``` - -Here is another response, this time from nginx. - -```sh -HTTP/1.1 200 OK -Server: nginx/1.17.3 -Date: Thu, 05 Sep 2019 17:50:24 GMT -Content-Type: text/html -Content-Length: 117 -Last-Modified: Thu, 05 Sep 2019 17:40:42 GMT -Connection: close -ETag: "5d71489a-75" -Accept-Ranges: bytes -... -``` - -Here's what a response from lighttpd looks like. - -```sh -HTTP/1.0 200 OK -Content-Type: text/html -Accept-Ranges: bytes -ETag: "4192788355" -Last-Modified: Thu, 05 Sep 2019 17:40:42 GMT -Content-Length: 117 -Connection: close -Date: Thu, 05 Sep 2019 17:57:57 GMT -Server: lighttpd/1.4.54 -``` - -In these examples, the server type and version is clearly exposed. However, security-conscious applications may obfuscate their server information by modifying the header. For example, here is an excerpt from the response to a request for a site with a modified header: - -```sh -HTTP/1.1 200 OK -Server: Website.com -Date: Thu, 05 Sep 2019 17:57:06 GMT -Content-Type: text/html; charset=utf-8 -Status: 200 OK -... -``` - -In cases where the server information is obscured, testers may guess the type of server based on the ordering of the header fields. Note that in the Apache example above, the fields follow this order: - -- Date -- Server -- Last-Modified -- ETag -- Accept-Ranges -- Content-Length -- Connection -- Content-Type - -However, in both the nginx and obscured server examples, the fields in common follow this order: - -- Server -- Date -- Content-Type - -Testers can use this information to guess that the obscured server is nginx. However, considering that a number of different web servers may share the same field ordering and fields can be modified or removed, this method is not definite. 
- -### Sending Malformed Requests - -Web servers may be identified by examining their error responses, and in the cases where they have not been customized, their default error pages. One way to compel a server to present these is by sending intentionally incorrect or malformed requests. - -For example, here is the response to a request for the non-existent method `SANTA CLAUS` from an Apache server. - -```sh -GET / SANTA CLAUS/1.1 - - -HTTP/1.1 400 Bad Request -Date: Fri, 06 Sep 2019 19:21:01 GMT -Server: Apache/2.4.41 (Unix) -Content-Length: 226 -Connection: close -Content-Type: text/html; charset=iso-8859-1 - - - -400 Bad Request - -

Bad Request

-

Your browser sent a request that this server could not understand.
-

- -``` - -Here is the response to the same request from nginx. - -```sh -GET / SANTA CLAUS/1.1 - - - -404 Not Found - -

404 Not Found

-
nginx/1.17.3
- - -``` - -Here is the response to the same request from lighttpd. - -```sh -GET / SANTA CLAUS/1.1 - - -HTTP/1.0 400 Bad Request -Content-Type: text/html -Content-Length: 345 -Connection: close -Date: Sun, 08 Sep 2019 21:56:17 GMT -Server: lighttpd/1.4.54 - - - - - - 400 Bad Request - - -

400 Bad Request

- - -``` - -As default error pages offer many differentiating factors between types of web servers, their examination can be an effective method for fingerprinting even when server header fields are obscured. - -### Using Automated Scanning Tools - -As stated earlier, web server fingerprinting is often included as a functionality of automated scanning tools. These tools are able to make requests similar to those demonstrated above, as well as send other more server-specific probes. Automated tools can compare responses from web servers much faster than manual testing, and utilize large databases of known responses to attempt server identification. For these reasons, automated tools are more likely to produce accurate results. - -Here are some commonly-used scan tools that include web server fingerprinting functionality. - -- [Netcraft](https://toolbar.netcraft.com/site_report), an online tool that scans websites for information, including the web server. -- [Nikto](https://github.com/sullo/nikto), an open source command line scanning tool. -- [Nmap](https://nmap.org/), an open source command line tool that also has a GUI, [Zenmap](https://nmap.org/zenmap/). - -## Remediation - -While exposed server information is not necessarily in itself a vulnerability, it is information that can assist attackers in exploiting other vulnerabilities that may exist. Exposed server information can also lead attackers to find version-specific server vulnerabilities that can be used to exploit unpatched servers. For this reason it is recommended that some precautions be taken. These actions include: - -- Obscuring web server information in headers, such as with Apache's [mod_headers module](https://httpd.apache.org/docs/current/mod/mod_headers.html). -- Using a hardened [reverse proxy server](https://en.wikipedia.org/wiki/Proxy_server#Reverse_proxies) to create an additional layer of security between the web server and the Internet. 
-- Ensuring that web servers are kept up-to-date with the latest software and security patches. +# Fingerprint Web Server + +|ID | +|-------------| +|WSTG-INFO-002| + +## Summary + +Web server fingerprinting is the task of identifying the type and version of web server that a target is running on. While web server fingerprinting is often encapsulated in automated testing tools, it is important for researchers to understand the fundamentals of how these tools attempt to identify software, and why this is useful. + +Accurately discovering the type of web server that an application runs on can enable security testers to determine if the application is vulnerable to attack. In particular, servers running older versions of software without up-to-date security patches can be susceptible to known version-specific exploits. + +## Test Objectives + +Determine the version and type of a running web server to enable further discovery of any known vulnerabilities. + +## How to Test + +Techniques used for web server fingerprinting include [banner grabbing](https://en.wikipedia.org/wiki/Banner_grabbing), eliciting responses to malformed requests, and using automated tools to perform more robust scans that use a combination of tactics. The fundamental premise by which all these techniques operate is the same. They all strive to elicit some response from the web server which can then be compared to a database of known responses and behaviors, and thus matched to a known server type. + +### Banner Grabbing + +A banner grab is performed by sending an HTTP request to the web server and examining its [response header](https://developer.mozilla.org/en-US/docs/Glossary/Response_header). This can be accomplished using a variety of tools, including `telnet` for HTTP requests, or `openssl` for requests over SSL. + +For example, here is the response to a request from an Apache server. 
+ +```sh +HTTP/1.1 200 OK +Date: Thu, 05 Sep 2019 17:42:39 GMT +Server: Apache/2.4.41 (Unix) +Last-Modified: Thu, 05 Sep 2019 17:40:42 GMT +ETag: "75-591d1d21b6167" +Accept-Ranges: bytes +Content-Length: 117 +Connection: close +Content-Type: text/html +... +``` + +Here is another response, this time from nginx. + +```sh +HTTP/1.1 200 OK +Server: nginx/1.17.3 +Date: Thu, 05 Sep 2019 17:50:24 GMT +Content-Type: text/html +Content-Length: 117 +Last-Modified: Thu, 05 Sep 2019 17:40:42 GMT +Connection: close +ETag: "5d71489a-75" +Accept-Ranges: bytes +... +``` + +Here's what a response from lighttpd looks like. + +```sh +HTTP/1.0 200 OK +Content-Type: text/html +Accept-Ranges: bytes +ETag: "4192788355" +Last-Modified: Thu, 05 Sep 2019 17:40:42 GMT +Content-Length: 117 +Connection: close +Date: Thu, 05 Sep 2019 17:57:57 GMT +Server: lighttpd/1.4.54 +``` + +In these examples, the server type and version is clearly exposed. However, security-conscious applications may obfuscate their server information by modifying the header. For example, here is an excerpt from the response to a request for a site with a modified header: + +```sh +HTTP/1.1 200 OK +Server: Website.com +Date: Thu, 05 Sep 2019 17:57:06 GMT +Content-Type: text/html; charset=utf-8 +Status: 200 OK +... +``` + +In cases where the server information is obscured, testers may guess the type of server based on the ordering of the header fields. Note that in the Apache example above, the fields follow this order: + +- Date +- Server +- Last-Modified +- ETag +- Accept-Ranges +- Content-Length +- Connection +- Content-Type + +However, in both the nginx and obscured server examples, the fields in common follow this order: + +- Server +- Date +- Content-Type + +Testers can use this information to guess that the obscured server is nginx. However, considering that a number of different web servers may share the same field ordering and fields can be modified or removed, this method is not definite. 
+ +### Sending Malformed Requests + +Web servers may be identified by examining their error responses, and in the cases where they have not been customized, their default error pages. One way to compel a server to present these is by sending intentionally incorrect or malformed requests. + +For example, here is the response to a request for the non-existent method `SANTA CLAUS` from an Apache server. + +```sh +GET / SANTA CLAUS/1.1 + + +HTTP/1.1 400 Bad Request +Date: Fri, 06 Sep 2019 19:21:01 GMT +Server: Apache/2.4.41 (Unix) +Content-Length: 226 +Connection: close +Content-Type: text/html; charset=iso-8859-1 + + + +400 Bad Request + +

Bad Request

+

Your browser sent a request that this server could not understand.
+

+ +``` + +Here is the response to the same request from nginx. + +```sh +GET / SANTA CLAUS/1.1 + + + +404 Not Found + +

404 Not Found

+
nginx/1.17.3
+ + +``` + +Here is the response to the same request from lighttpd. + +```sh +GET / SANTA CLAUS/1.1 + + +HTTP/1.0 400 Bad Request +Content-Type: text/html +Content-Length: 345 +Connection: close +Date: Sun, 08 Sep 2019 21:56:17 GMT +Server: lighttpd/1.4.54 + + + + + + 400 Bad Request + + +

400 Bad Request

+ + +``` + +As default error pages offer many differentiating factors between types of web servers, their examination can be an effective method for fingerprinting even when server header fields are obscured. + +### Using Automated Scanning Tools + +As stated earlier, web server fingerprinting is often included as a functionality of automated scanning tools. These tools are able to make requests similar to those demonstrated above, as well as send other more server-specific probes. Automated tools can compare responses from web servers much faster than manual testing, and utilize large databases of known responses to attempt server identification. For these reasons, automated tools are more likely to produce accurate results. + +Here are some commonly-used scan tools that include web server fingerprinting functionality. + +- [Netcraft](https://toolbar.netcraft.com/site_report), an online tool that scans websites for information, including the web server. +- [Nikto](https://github.com/sullo/nikto), an open source command line scanning tool. +- [Nmap](https://nmap.org/), an open source command line tool that also has a GUI, [Zenmap](https://nmap.org/zenmap/). + +## Remediation + +While exposed server information is not necessarily in itself a vulnerability, it is information that can assist attackers in exploiting other vulnerabilities that may exist. Exposed server information can also lead attackers to find version-specific server vulnerabilities that can be used to exploit unpatched servers. For this reason it is recommended that some precautions be taken. These actions include: + +- Obscuring web server information in headers, such as with Apache's [mod_headers module](https://httpd.apache.org/docs/current/mod/mod_headers.html). +- Using a hardened [reverse proxy server](https://en.wikipedia.org/wiki/Proxy_server#Reverse_proxies) to create an additional layer of security between the web server and the Internet. 
+- Ensuring that web servers are kept up-to-date with the latest software and security patches. diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.3_Review_Webserver_Metafiles_for_Information_Leakage.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md similarity index 97% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.3_Review_Webserver_Metafiles_for_Information_Leakage.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md index d1463fbb2b..ca99da3c47 100644 --- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.3_Review_Webserver_Metafiles_for_Information_Leakage.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md @@ -6,7 +6,7 @@ ## Summary -This section describes how to test the robots.txt file for information leakage of the web application's directory or folder path(s). Furthermore, the list of directories that are to be avoided by Spiders, Robots, or Crawlers can also be created as a dependency for [Map execution paths through application](4.2.7_Map_Execution_Paths_Through_Application.md) +This section describes how to test the robots.txt file for information leakage of the web application's directory or folder path(s). Furthermore, the list of directories that are to be avoided by Spiders, Robots, or Crawlers can also be created as a dependency for [Map execution paths through application](07-Map_Execution_Paths_Through_Application.md) ## Test Objectives 
@@ -136,7 +136,7 @@ Based on the Disallow directive(s) listed within the robots.txt file in webroot, For example, the robots.txt file from facebook.com has a `Disallow: /ac.php` entry [http://facebook.com/robots.txt](http://facebook.com/robots.txt) and the resulting search for `` Tag specified by the “Robots Exclusion Protocol” yet `Disallow: /ac.php` is listed in robots.txt. diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.4_Enumerate_Applications_on_Webserver.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.4_Enumerate_Applications_on_Webserver.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver.md index f3e2483741..db6f707a5a 100644 --- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.4_Enumerate_Applications_on_Webserver.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver.md @@ -175,7 +175,7 @@ Reverse-IP services are similar to DNS inverse queries, with the difference that The following example shows the result of a query to one of the above reverse-IP services to `216.48.3.18`, the IP address of www.owasp.org. Three additional non-obvious symbolic names mapping to the same address have been revealed. ![OWASP Whois Info](images/Owasp-Info.jpg)\ -*Figure 4.2.4-1: OWASP Whois Info* +*Figure 4.1.4-1: OWASP Whois Info* ##### Googling 
@@ -183,7 +183,7 @@ Following information gathering from the previous techniques, testers can rely o For instance, considering the previous example regarding `www.owasp.org`, the tester could query Google and other search engines looking for information (hence, DNS names) related to the newly discovered domains of `webgoat.org`, `webscarab.com`, and `webscarab.net`. -Googling techniques are explained in [Testing: Spiders, Robots, and Crawlers](4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md). +Googling techniques are explained in [Testing: Spiders, Robots, and Crawlers](01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md). ### Gray-Box Testing diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.6_Identify_Application_Entry_Points.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/06-Identify_Application_Entry_Points.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.6_Identify_Application_Entry_Points.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/06-Identify_Application_Entry_Points.md 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.7_Map_Execution_Paths_Through_Application.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.7_Map_Execution_Paths_Through_Application.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application.md index 883a570639..761d0bb2e5 100644 --- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.7_Map_Execution_Paths_Through_Application.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application.md @@ -39,7 +39,7 @@ Ensuring sufficient code coverage for the application owner is far easier with g The automatic spider is a tool used to automatically discover new resources (URLs) on a particular website. It begins with a list of URLs to visit, called the seeds, which depends on how the Spider is started. While there are a lot of Spidering tools, the following example uses the [Zed Attack Proxy (ZAP)](https://github.com/zaproxy/zaproxy): ![Zed Attack Proxy Screen](images/OWASPZAPSP.png)\ -*Figure 4.2.7-1: Zed Attack Proxy Screen* +*Figure 4.1.7-1: Zed Attack Proxy Screen* [ZAP](https://github.com/zaproxy/zaproxy) offers the following automatic spidering features, which can be selected based on the tester's needs: 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.8_Fingerprint_Web_Application_Framework.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.8_Fingerprint_Web_Application_Framework.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework.md index 5253272d45..aa91cc8a86 100644 --- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.8_Fingerprint_Web_Application_Framework.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework.md @@ -85,7 +85,7 @@ Another similar and somehow more reliable way to determine the current web frame Consider the following HTTP-request: ![Cakephp Http Request](images/Cakephp_cookie.png)\ -*Figure 4.2.8-1: Cakephp Http Request* +*Figure 4.1.8-1: Cakephp Http Request* The cookie `CAKEPHP` has automatically been set, which gives information about the framework being used. List of common cookies names is presented in chapter [#Cookies](#Cookies). Limitations are the same - it is possible to change the name of the cookie. For example, for the selected `CakePHP` framework this could be done by the following configuration (excerpt from core.php): 
@@ -110,13 +110,13 @@ This technique is based on finding certain patterns in the HTML page source code From the screenshot below one can easily learn the used framework and its version by the mentioned markers. The comment, specific paths and script variables can all help an attacker to quickly determine an instance of ZK framework. ![ZK Framework Sample](images/Zk_html_source.png)\ -*Figure 4.2.8-2: Cakephp Http Request* +*Figure 4.1.8-2: Cakephp Http Request* More frequently such information is placed between ```` tags, in `` tags or at the end of the page. Nevertheless, it is recommended to check the whole document since it can be useful for other purposes such as inspection of other useful comments and hidden fields. Sometimes, web developers do not care much about hiding information about the framework used. It is still possible to stumble upon something like this at the bottom of the page: ![Banshee Bottom Page](images/Banshee_bottom_page.png)\ -*Figure 4.2.8-3: Banshee Bottom Page* +*Figure 4.1.8-3: Banshee Bottom Page* #### File Extensions @@ -191,7 +191,7 @@ Currently one of the best fingerprinting tools on the market. Included in a defa Sample output is presented on a screenshot below: ![Whatweb Output sample](images/Whatweb-sample.png)\ -*Figure 4.2.8-4: Whatweb Output sample* +*Figure 4.1.8-4: Whatweb Output sample* ### BlindElephant @@ -241,7 +241,7 @@ Note that by default, Wappalyzer will send anonymised data about the technology Sample output of a plug-in is presented on a screenshot below. ![Wappalyzer Output for OWASP Website](images/Owasp-wappalyzer.png)\ -*Figure 4.2.8-5: Wappalyzer Output for OWASP Website* +*Figure 4.1.8-5: Wappalyzer Output for OWASP Website* ## References 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.9_Fingerprint_Web_Application.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.9_Fingerprint_Web_Application.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md index a981cf31c1..0102a38d48 100644 --- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.9_Fingerprint_Web_Application.md +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md 
@@ -53,17 +53,17 @@ Apart from information gathered from HTML sources, there is another approach whi In order to uncover them a technique known as dirbusting is used. Dirbusting is brute forcing a target with predictable folder and file names and monitoring HTTP-responses to emumerate server contents. This information can be used both for finding default files and attacking them, and for fingerprinting the web application. Dirbusting can be done in several ways, the example below shows a successful dirbusting attack against a WordPress-powered target with the help of defined list and intruder functionality of Burp Suite. ![Dirbusting with Burp](images/Wordpress_dirbusting.png)\ -*Figure 4.2.9-1: Dirbusting with Burp* +*Figure 4.1.9-1: Dirbusting with Burp* We can see that for some WordPress-specific folders (for instance, `/wp-includes/`, `/wp-admin/` and `/wp-content/`) HTTP-reponses are 403 (Forbidden), 302 (Found, redirection to wp-login.php) and 200 (OK) respectively. This is a good indicator that the target is WordPress-powered. The same way it is possible to dirbust different application plugin folders and their versions. On the screenshot below one can see a typical CHANGELOG file of a Drupal plugin, which provides information on the application being used and discloses a vulnerable plugin version. ![Drupal Botcha Disclosure](images/Drupal_botcha_disclosure.png)\ -*Figure 4.2.9-2: Drupal Botcha Disclosure* +*Figure 4.1.9-2: Drupal Botcha Disclosure* Tip: before starting dirbusting, it is recommended to check the robots.txt file first. Sometimes application specific folders and other sensitive information can be found there as well. An example of such a robots.txt file is presented on a screenshot below. ![Robots Info Disclosure](images/Robots-info-disclosure.png)\ -*Figure 4.2.9-3: Robots Info Disclosure* +*Figure 4.1.9-3: Robots Info Disclosure* Specific files and folders are different for each specific application. 
It is recommended to install the corresponding application during penetration tests in order to have better understanding of what infrastructure is presented and what files might be left on the server. However, several good file lists already exist and one good example is [FuzzDB wordlists of predictable files/folders](https://github.com/fuzzdb-project/fuzzdb). @@ -126,7 +126,7 @@ Currently one of the best fingerprinting tools on the market. Included in a defa Sample output is presented on a screenshot below: ![Whatweb Output sample](images/Whatweb-sample.png)\ -*Figure 4.2.9-3: Whatweb Output Sample* +*Figure 4.1.9-4: Whatweb Output Sample* ### BlindElephant @@ -176,7 +176,7 @@ Note that by default, Wappalyzer will send anonymised data about the technology Sample output of a plug-in is presented on a screenshot below. ![Wappalyzer Output for OWASP Website](images/Owasp-wappalyzer.png)\ -*Figure 4.2.9-4: Wappalyzer Output for OWASP Website* +*Figure 4.1.9-5: Wappalyzer Output for OWASP Website* ## References diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.10_Map_Application_Architecture.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.10_Map_Application_Architecture.md rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md diff --git a/document/4-Web_Application_Security_Testing/01-Information_Gathering/README.md b/document/4-Web_Application_Security_Testing/01-Information_Gathering/README.md new file mode 100644 index 0000000000..6d5c001425 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/01-Information_Gathering/README.md 
@@ -0,0 +1,21 @@ +# 4.1 Testing for Information Gathering + +[4.1.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage](01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md) + +[4.1.2 Fingerprint Web Server](02-Fingerprint_Web_Server.md) + +[4.1.3 Review Webserver Metafiles for Information Leakage](03-Review_Webserver_Metafiles_for_Information_Leakage.md) + +[4.1.4 Enumerate Applications on Webserver](04-Enumerate_Applications_on_Webserver.md) + +[4.1.5 Review Webpage Comments and Metadata for Information Leakage](05-Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md) + +[4.1.6 Identify Application Entry Points](06-Identify_Application_Entry_Points.md) + +[4.1.7 Map Execution Paths Through Application](07-Map_Execution_Paths_Through_Application.md) + +[4.1.8 Fingerprint Web Application Framework](08-Fingerprint_Web_Application_Framework.md) + +[4.1.9 Fingerprint Web Application](09-Fingerprint_Web_Application.md) + +[4.1.10 Map Application Architecture](10-Map_Application_Architecture.md) diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Banshee_bottom_page.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Banshee_bottom_page.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Cakephp_cookie.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Cakephp_cookie.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Drupal_botcha_disclosure.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Drupal_botcha_disclosure.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Drupal_botcha_disclosure.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Drupal_botcha_disclosure.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Google_cache_Operator_Search_Results_Example_20190828.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Google_cache_Operator_Search_Results_Example_20190828.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Google_cache_Operator_Search_Results_Example_20190828.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Google_cache_Operator_Search_Results_Example_20190828.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Google_site_Operator_Search_Results_Example_20190828.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Google_site_Operator_Search_Results_Example_20190828.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Google_site_Operator_Search_Results_Example_20190828.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Google_site_Operator_Search_Results_Example_20190828.png 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Httprint.jpg b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Httprint.jpg rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Meta_Tag_Example-Facebook-Aug_2013.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Meta_Tag_Example-Facebook-Aug_2013.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Meta_Tag_Example-Facebook-Aug_2013.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Meta_Tag_Example-Facebook-Aug_2013.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Netcraft2.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Netcraft2.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/OWASPZAPSP.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/OWASPZAPSP.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Owasp-Info.jpg b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Owasp-Info.jpg rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Owasp-wappalyzer.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Owasp-wappalyzer.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Robots-info-disclosure.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Robots-info-disclosure.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Whatweb-sample.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Whatweb-sample.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png 
diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Wordpress_dirbusting.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Wordpress_dirbusting.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Zk_html_source.png b/document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.2_Information_Gathering/images/Zk_html_source.png rename to document/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md similarity index 97% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md index 1bc1870112..399fe7c049 100644 --- a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md 
@@ -20,7 +20,7 @@ The following steps need to be taken to test the configuration management infras - The authentication systems, need to reviewed in order to assure that they serve the needs of the application and that they cannot be manipulated by external users to leverage access. - A list of defined ports which are required for the application should be maintained and kept under change control. -After having mapped the different elements that make up the infrastructure (see [Map Network and Application Architecture](../4.2_Information_Gathering/4.2.10_Map_Application_Architecture.md)) it is possible to review the configuration of each element founded and test for any known vulnerabilities. +After having mapped the different elements that make up the infrastructure (see [Map Network and Application Architecture](../01-Information_Gathering/10-Map_Application_Architecture.md)) it is possible to review the configuration of each element founded and test for any known vulnerabilities. ## Test Objectives diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.2_Test_Application_Platform_Configuration.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.2_Test_Application_Platform_Configuration.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration.md 
diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md index 2dd0aa5c8b..56d820cd91 100644 --- a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md 
@@ -50,7 +50,7 @@ The following file extensions are related to files which, when accessed, are eit The list given above details only a few examples, since file extensions are too many to be comprehensively treated here. Refer to [https://filext.com](https://filext.com/) for a more thorough database of extensions. -To identify files having a given extensions a mix of techniques can be employed. THese techniques can include Vulnerability Scanners, spidering and mirroring tools, manually inspecting the application (this overcomes limitations in automatic spidering), querying search engines (see [Testing: Spidering and googling](../4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md)). See also [Testing for Old, Backup and Unreferenced Files](4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md) which deals with the security issues related to “forgotten” files. +To identify files having a given extensions a mix of techniques can be employed. THese techniques can include Vulnerability Scanners, spidering and mirroring tools, manually inspecting the application (this overcomes limitations in automatic spidering), querying search engines (see [Testing: Spidering and googling](../01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md)). See also [Testing for Old, Backup and Unreferenced Files](04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md) which deals with the security issues related to “forgotten” files. ### File Upload 
diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md index 2bc41edd4d..237abe87ee 100644 --- a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces.md +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md 
@@ -21,7 +21,7 @@ In many instances, such interfaces do not have sufficient controls to protect th ### Black-Box Testing -The following section describes vectors that may be used to test for the presence of administrative interfaces. These techniques may also be used to test for related issues including privilege escalation, and are described elsewhere in this guide(for example [Testing for bypassing authorization schema](../4.6_Authorization_Testing/4.6.2_Testing_for_Bypassing_Authorization_Schema.md) and [Testing for Insecure Direct Object References](../4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md) in greater detail. +The following section describes vectors that may be used to test for the presence of administrative interfaces. These techniques may also be used to test for related issues including privilege escalation, and are described elsewhere in this guide(for example [Testing for bypassing authorization schema](../05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md) and [Testing for Insecure Direct Object References](../05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md) in greater detail. - Directory and file enumeration. An administrative interface may be present but not visibly available to the tester. Attempting to guess the path of the administrative interface may be as simple as requesting: */admin or /administrator etc..* or in some scenarios can be revealed within seconds using [Google dorks](https://www.exploit-db.com/google-hacking-database). - There are many tools available to perform brute forcing of server contents, see the tools section below for more information. A tester may have to also identify the file name of the administration page. Forcibly browsing to the identified page may provide access to the interface. 
diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.6_Test_HTTP_Methods.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.6_Test_HTTP_Methods.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods.md diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.8_Test_RIA_Cross_Domain_Policy.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.8_Test_RIA_Cross_Domain_Policy.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy.md 
diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.9_Test_File_Permission.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission.md old mode 100755 new mode 100644 similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.9_Test_File_Permission.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission.md diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.10_Test_for_Subdomain_Takeover.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.10_Test_for_Subdomain_Takeover.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md index dd8020556b..244d213532 100644 --- a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.10_Test_for_Subdomain_Takeover.md +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md 
@@ -69,12 +69,12 @@ OrgName: GitHub, Inc. The tester visits subdomain.victim.com or issues a HTTP GET request which returns a "404 - File not found" response which is a clear indication of the vulnerability. ![GitHub 404 File Not Found response](images/subdomain_takeover_ex1.jpeg)\ -*Figure 4.3.10-1: GitHub 404 File Not Found response* +*Figure 4.2.10-1: GitHub 404 File Not Found response* The tester claims the domain using GitHub Pages: ![GitHub claim domain](images/subdomain_takeover_ex2.jpeg)\ -*Figure 4.3.10-2: GitHub claim domain* +*Figure 4.2.10-2: GitHub claim domain* #### Testing NS Record Subdomain Takeover diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.11_Test_Cloud_Storage.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/11-Test_Cloud_Storage.md old mode 100755 new mode 100644 similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.11_Test_Cloud_Storage.md rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/11-Test_Cloud_Storage.md diff --git a/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md new file mode 100644 index 0000000000..91355b222d --- /dev/null +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md 
@@ -0,0 +1,23 @@ +# 4.2 Testing for Configuration and Deployment Management + +[4.2.1 Test Network/Infrastructure Configuration](01-Test_Network_Infrastructure_Configuration.md) + +[4.2.2 Test Application Platform Configuration](02-Test_Application_Platform_Configuration.md) + +[4.2.3 Test File Extensions Handling for Sensitive Information](03-Test_File_Extensions_Handling_for_Sensitive_Information.md) + +[4.2.4 Review Old, Backup and Unreferenced Files for Sensitive Information](04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md) + +[4.2.5 Enumerate Infrastructure and Application Admin Interfaces](05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md) + +[4.2.6 Test HTTP Methods](06-Test_HTTP_Methods.md) + +[4.2.7 Test HTTP Strict Transport Security](07-Test_HTTP_Strict_Transport_Security.md) + +[4.2.8 Test RIA Cross Domain Policy](08-Test_RIA_Cross_Domain_Policy.md) + +[4.2.9 Test File Permission](09-Test_File_Permission.md) + +[4.2.10 Test for Subdomain Takeover](10-Test_for_Subdomain_Takeover.md) + +[4.2.11 Test Cloud Storage](11-Test_Cloud_Storage.md) diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex1.jpeg b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex1.jpeg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex1.jpeg rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex1.jpeg 
diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex2.jpeg b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex2.jpeg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex2.jpeg rename to document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/images/subdomain_takeover_ex2.jpeg diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.1_Test_Role_Definitions.md b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.1_Test_Role_Definitions.md rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.2_Test_User_Registration_Process.md b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process.md similarity index 96% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.2_Test_User_Registration_Process.md rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process.md index dbb2b75c69..4e19b3902e 100644 --- a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.2_Test_User_Registration_Process.md +++ b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process.md 
@@ -34,12 +34,12 @@ Validate the registration process: In the WordPress example below, the only identification requirement is an email address that is accessible to the registrant. ![Wordpress Registration Page](images/Wordpress_registration_page.jpg)\ -*Figure 4.4.2-1: Wordpress Registration Page* +*Figure 4.3.2-1: Wordpress Registration Page* In contrast, in the Google example below the identification requirements include name, date of birth, country, mobile phone number, email address and CAPTCHA response. While only two of these can be verified (email address and mobile number), the identification requirements are stricter than WordPress. ![Google Registration Page](images/Google_registration_page.jpg)\ -*Figure 4.4.2-2: Google Registration Page* +*Figure 4.3.2-2: Google Registration Page* ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.3_Test_Account_Provisioning_Process.md b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.3_Test_Account_Provisioning_Process.md rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process.md index 4b581c1e53..8eb1f9f2ce 100644 --- a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.3_Test_Account_Provisioning_Process.md +++ b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process.md 
@@ -28,12 +28,12 @@ Determine which roles are able to provision users and what sort of accounts they In WordPress, only a user's name and email address are required to provision the user, as shown below: ![Wordpress User Add](images/Wordpress_useradd.png)\ -*Figure 4.4.3-1: Wordpress User Add* +*Figure 4.3.3-1: Wordpress User Add* De-provisioning of users requires the administrator to select the users to be de-provisioned, select Delete from the dropdown menu (circled) and then applying this action. The administrator is then presented with a dialog box asking what to do with the user's posts (delete or transfer them). ![Wordpress Auth and Users](images/Wordpress_authandusers.png)\ -*Figure 4.4.3-2: Wordpress Auth and Users* +*Figure 4.3.3-2: Wordpress Auth and Users* ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md index 9c56b57324..de3130470d 100644 --- a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md +++ b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md 
@@ -33,12 +33,12 @@ Now, the tester should try to insert a valid user ID and a wrong password and re > The browser should display a message similar to the following one: > > ![Authentication Failed](images/AuthenticationFailed.png)\ -> *Figure 4.4.4-1: Authentication Failed* +> *Figure 4.3.4-1: Authentication Failed* > > or something like: > > ![No Configuration Found](images/NoConfFound.jpg)\ -> *Figure 4.4.4-2: No Configuration Found* +> *Figure 4.3.4-2: No Configuration Found* > > against any message that reveals the existence of user, for instance, message similar to: > @@ -53,7 +53,7 @@ Now, the tester should try to insert an invalid user ID and a wrong password and > If the tester enters a nonexistent user ID, they can receive a message similar to: > > ![This User is Not Active](images/Userisnotactive.png)\ -> *Figure 4.4.4-3: This User is Not Active* +> *Figure 4.3.4-3: This User is Not Active* > > or message like the following one: > diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy.md b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/05-Testing_for_Weak_or_Unenforced_Username_Policy.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy.md rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/05-Testing_for_Weak_or_Unenforced_Username_Policy.md diff --git a/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md new file mode 100644 index 0000000000..fb69104f2e --- /dev/null +++ b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md 
@@ -0,0 +1,11 @@ +# 4.3 Testing for Identity Management + +[4.3.1 Test Role Definitions](01-Test_Role_Definitions.md) + +[4.3.2 Test User Registration Process](02-Test_User_Registration_Process.md) + +[4.3.3 Test Account Provisioning Process](03-Test_Account_Provisioning_Process.md) + +[4.3.4 Testing for Account Enumeration and Guessable User Account](04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md) + +[4.3.5 Testing for Weak or Unenforced Username Policy](05-Testing_for_Weak_or_Unenforced_Username_Policy.md) diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/AuthenticationFailed.png b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/AuthenticationFailed.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/AuthenticationFailed.png rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/AuthenticationFailed.png diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Google_registration_page.jpg b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Google_registration_page.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Google_registration_page.jpg rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Google_registration_page.jpg diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/NoConfFound.jpg b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/NoConfFound.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/NoConfFound.jpg rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/NoConfFound.jpg 
diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Userisnotactive.png b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Userisnotactive.png rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Wordpress_authandusers.png b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_authandusers.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Wordpress_authandusers.png rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_authandusers.png diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Wordpress_registration_page.jpg b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_registration_page.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Wordpress_registration_page.jpg rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_registration_page.jpg diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Wordpress_useradd.png b/document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/images/Wordpress_useradd.png rename to document/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png 
diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md index e2986eed66..77d9c4e472 100644 --- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md 
@@ -10,7 +10,7 @@ Testing for credentials transport means verifying that the user's authentication Clearly, the fact that traffic is encrypted does not necessarily mean that it's completely safe. The security also depends on the encryption algorithm used and the robustness of the keys that the application is using, but this particular topic will not be addressed in this section. -For a more detailed discussion on testing the safety of TLS/SSL channels refer to the chapter [Testing for Weak SSL/TLS](../4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md). Here, the tester will just try to understand if the data that users put in to web forms in order to log in to a web site, are transmitted using secure protocols that protect them from an attacker. +For a more detailed discussion on testing the safety of TLS/SSL channels refer to the chapter [Testing for Weak SSL/TLS](../09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md). Here, the tester will just try to understand if the data that users put in to web forms in order to log in to a web site, are transmitted using secure protocols that protect them from an attacker. Nowadays, the most common example of this issue is the log in page of a web application. The tester should verify that user's credentials are transmitted via an encrypted channel. In order to log in to a web site, the user usually has to fill a simple form that transmits the inserted data to the web application with the POST method. What is less obvious is that this data can be passed using the HTTP protocol, which transmits the data in a non-secure, clear text form, or using the HTTPS protocol, which encrypts the data during the transmission. 
To further complicate things, there is the possibility that the site has the login page accessible via HTTP (making us believe that the transmission is insecure), but then it actually sends data via HTTPS. This test is done to be sure that an attacker cannot retrieve sensitive information by simply sniffing the network with a sniffer tool. diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.2_Testing_for_Default_Credentials.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.2_Testing_for_Default_Credentials.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md index ad0dd43c30..6e13042d4b 100644 --- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.2_Testing_for_Default_Credentials.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md 
@@ -23,7 +23,7 @@ The root cause of this problem can be identified as: ### Testing for Default Credentials of Common Applications -In black-box testing the tester knows nothing about the application and its underlying infrastructure. In reality this is often not true, and some information about the application is known. We suppose that you have identified, through the use of the techniques described in this Testing Guide under the chapter [Information Gathering](../4.2_Information_Gathering/README.md), at least one or more common applications that may contain accessible administrative interfaces. +In black-box testing the tester knows nothing about the application and its underlying infrastructure. In reality this is often not true, and some information about the application is known. We suppose that you have identified, through the use of the techniques described in this Testing Guide under the chapter [Information Gathering](../01-Information_Gathering/README.md), at least one or more common applications that may contain accessible administrative interfaces. When you have identified an application interface, for example a Cisco router web interface or a Weblogic administrator portal, check that the known usernames and passwords for these devices do not result in successful authentication. To do this you can consult the manufacturer’s documentation or, in a much simpler way, you can find common credentials using a search engine or by using one of the sites or tools listed in the Reference section. 
@@ -31,7 +31,7 @@ When facing applications where we do not have a list of default and common user Many applications have verbose error messages that inform the site users as to the validity of entered usernames. This information will be helpful when testing for default or guessable user accounts. Such functionality can be found, for example, on the log in page, password reset and forgotten password page, and sign up page. Once you have found a default username you could also start guessing passwords for this account. -More information about this procedure can be found in the section [Testing for User Enumeration and Guessable User Account](../4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md) and in the section [Testing for Weak password policy](../4.5_Authentication_Testing/4.5.7_Testing_for_Weak_Password_Policy.md). +More information about this procedure can be found in the section [Testing for User Enumeration and Guessable User Account](../03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md) and in the section [Testing for Weak password policy](../4.5_Authentication_Testing/07-Testing_for_Weak_Password_Policy.md). Since these types of default credentials are often bound to administrative accounts you can proceed in this manner: diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md similarity index 97% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md index e513edc1ed..13dc6cb12b 100644 
--- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md @@ -8,7 +8,7 @@ Account lockout mechanisms are used to mitigate brute force password guessing attacks. Accounts are typically locked after 3 to 5 unsuccessful login attempts and can only be unlocked after a predetermined period of time, via a self-service unlock mechanism, or intervention by an administrator. Account lockout mechanisms require a balance between protecting accounts from unauthorized access and protecting users from being denied authorized access. -Note that this test should cover all aspects of authentication where lockout mechanisms would be appropriate, e.g. when the user is presented with security questions during forgotten password mechanisms (see [Testing for Weak security question/answer](4.5.8_Testing_for_Weak_Security_Question_Answer.md). +Note that this test should cover all aspects of authentication where lockout mechanisms would be appropriate, e.g. when the user is presented with security questions during forgotten password mechanisms (see [Testing for Weak security question/answer](08-Testing_for_Weak_Security_Question_Answer.md). Without a strong lockout mechanism, the application may be susceptible to brute force attacks. After a successful brute force attack, a malicious user could have access to: 
@@ -39,7 +39,7 @@ To evaluate the account lockout mechanism's ability to mitigate brute force pass A CAPTCHA may hinder brute force attacks, but they can come with their own set of weaknesses, and should not replace a lockout mechanism. -To evaluate the unlock mechanism's resistance to unauthorized account unlocking, initiate the unlock mechanism and look for weaknesses. Typical unlock mechanisms may involve secret questions or an emailed unlock link. The unlock link should be a unique one-time link, to stop an attacker from guessing or replaying the link and performing brute force attacks in batches. Secret questions and answers should be strong (see [Testing for Weak Security Question/Answer](4.5.8_Testing_for_Weak_Security_Question_Answer.md). +To evaluate the unlock mechanism's resistance to unauthorized account unlocking, initiate the unlock mechanism and look for weaknesses. Typical unlock mechanisms may involve secret questions or an emailed unlock link. The unlock link should be a unique one-time link, to stop an attacker from guessing or replaying the link and performing brute force attacks in batches. Secret questions and answers should be strong (see [Testing for Weak Security Question/Answer](08-Testing_for_Weak_Security_Question_Answer.md). Note that an unlock mechanism should only be used for unlocking accounts. It is not the same as a password recovery mechanism. diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.4_Testing_for_Bypassing_Authentication_Schema.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md similarity index 96% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.4_Testing_for_Bypassing_Authentication_Schema.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md index bf540d99ea..77d96c5542 100644 
--- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.4_Testing_for_Bypassing_Authentication_Schema.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md @@ -34,7 +34,7 @@ There are several methods of bypassing the authentication schema that is used by If a web application implements access control only on the log in page, the authentication schema could be bypassed. For example, if a user directly requests a different page via forced browsing, that page may not check the credentials of the user before granting access. Attempt to directly access a protected page through the address bar in your browser to test using this method. ![Direct Request to Protected Page](images/Basm-directreq.jpg)\ -*Figure 4.5.4-1: Direct Request to Protected Page* +*Figure 4.4.4-1: Direct Request to Protected Page* #### Parameter Modification @@ -60,7 +60,7 @@ Another problem related to authentication design is when the application verifie ``` ![Parameter Modified Request](images/Basm-parammod.jpg)\ -*Figure 4.5.4-2: Parameter Modified Request* +*Figure 4.4.4-2: Parameter Modified Request* #### Session ID Prediction 
@@ -69,24 +69,24 @@ Many web applications manage authentication by using session identifiers (sessio In the following figure, values inside cookies increase linearly, so it could be easy for an attacker to guess a valid session ID. ![Cookie Values Over Time](images/Basm-sessid.jpg)\ -*Figure 4.5.4-3: Cookie Values Over Time* +*Figure 4.4.4-3: Cookie Values Over Time* In the following figure, values inside cookies change only partially, so it's possible to restrict a brute force attack to the defined fields shown below. ![Partially Changed Cookie Values](images/Basm-sessid2.jpg)\ -*Figure 4.5.4-4: Partially Changed Cookie Values* +*Figure 4.4.4-4: Partially Changed Cookie Values* #### SQL Injection (HTML Form Authentication) SQL Injection is a widely known attack technique. This section is not going to describe this technique in detail as there are several sections in this guide that explain injection techniques beyond the scope of this section. ![SQL Injection](images/Basm-sqlinj.jpg)\ -*Figure 4.5.4-5: SQL Injection* +*Figure 4.4.4-5: SQL Injection* The following figure shows that with a simple SQL injection attack, it is sometimes possible to bypass the authentication form. ![Simple SQL Injection Attack](images/Basm-sqlinj2.gif)\ -*Figure 4.5.4-6: Simple SQL Injection Attack* +*Figure 4.4.4-6: Simple SQL Injection Attack* ### Gray-Box Testing diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.5_Testing_for_Vulnerable_Remember_Password.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md similarity index 74% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.5_Testing_for_Vulnerable_Remember_Password.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md index e4d44994af..d49c960eee 100644 
--- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.5_Testing_for_Vulnerable_Remember_Password.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md 
@@ -17,11 +17,11 @@ In order to assist users with their credentials, multiple technologies surfaced: As these methods provide a better user experience and allow the user to forget all about their credentials, they increase the attack surface area. Some applications: -- Store the credentials in an encoded fashion in the browser's storage mechanisms, which can be verified by following the [web storage testing scenario](../4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage.md) and going through the [session analysis](../4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md#session_analysis) scenarios. Credentials shouldn't be stored in any way in the client-side application, and should be substitued by tokens generated from the server side. +- Store the credentials in an encoded fashion in the browser's storage mechanisms, which can be verified by following the [web storage testing scenario](../11-Client_Side_Testing/12-Testing_Web_Storage.md) and going through the [session analysis](../06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md#session_analysis) scenarios. Credentials shouldn't be stored in any way in the client-side application, and should be substitued by tokens generated from the server side. - Automatically inject the user's credentials that can be abused by: - - [ClickJacking](../4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking.md) attacks. - - [CSRF](../4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md) attacks. -- Tokens should be analyzed in terms of token-lifetime, where some tokens never expire and put the users in danger if those tokens ever get stolen. Make sure to follow the [session timeout](../4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md) testing scenario. + - [ClickJacking](../11-Client_Side_Testing/09-Testing_for_Clickjacking.md) attacks. + - [CSRF](../06-Session_Management_Testing/05-Testing_for_CSRF.md) attacks. 
+- Tokens should be analyzed in terms of token-lifetime, where some tokens never expire and put the users in danger if those tokens ever get stolen. Make sure to follow the [session timeout](../06-Session_Management_Testing/07-Testing_Session_Timeout.md) testing scenario. ## Remediation diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.6_Testing_for_Browser_Cache_Weaknesses.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.6_Testing_for_Browser_Cache_Weaknesses.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.7_Testing_for_Weak_Password_Policy.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.7_Testing_for_Weak_Password_Policy.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.8_Testing_for_Weak_Security_Question_Answer.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md similarity index 89% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.8_Testing_for_Weak_Security_Question_Answer.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md index 109f1aa0aa..d197695d12 100644 
--- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.8_Testing_for_Weak_Security_Question_Answer.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md @@ -6,7 +6,7 @@ ## Summary -Often called “secret” questions and answers, security questions and answers are often used to recover forgotten passwords (see [Testing for weak password change or reset functionalities](4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md), or as extra security on top of the password. +Often called “secret” questions and answers, security questions and answers are often used to recover forgotten passwords (see [Testing for weak password change or reset functionalities](09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md), or as extra security on top of the password. They are typically generated upon account creation and require the user to select from some pre-generated questions and supply an appropriate answer. They may allow the user to generate their own question and answer pairs. Both methods are prone to insecurities.Ideally, security questions should generate answers that are only known by the user, and not guessable or discoverable by anybody else. This is harder than it sounds. Security questions and answers rely on the secrecy of the answer. Questions and answers should be chosen so that the answers are only known by the account holder. However, although a lot of answers may not be publicly known, most of the questions that websites implement promote answers that are pseudo-private. 
@@ -36,11 +36,11 @@ Try to obtain a list of security questions by creating a new account or by follo ### Testing for Weak Self-Generated Questions -Try to create security questions by creating a new account or by configuring your existing account’s password recovery properties. If the system allows the user to generate their own security questions, it is vulnerable to having insecure questions created. If the system uses the self-generated security questions during the forgotten password functionality and if usernames can be enumerated (see [Testing for Account Enumeration and Guessable User Account](../4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md), then it should be easy for the tester to enumerate a number of self-generated questions. It should be expected to find several weak self-generated questions using this method. +Try to create security questions by creating a new account or by configuring your existing account’s password recovery properties. If the system allows the user to generate their own security questions, it is vulnerable to having insecure questions created. If the system uses the self-generated security questions during the forgotten password functionality and if usernames can be enumerated (see [Testing for Account Enumeration and Guessable User Account](../03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md), then it should be easy for the tester to enumerate a number of self-generated questions. It should be expected to find several weak self-generated questions using this method. ### Testing for Brute-forcible Answers -Use the methods described in [Testing for Weak lock out mechanism](4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md) to determine if a number of incorrectly supplied security answers trigger a lockout mechanism. 
+Use the methods described in [Testing for Weak lock out mechanism](03-Testing_for_Weak_Lock_Out_Mechanism.md) to determine if a number of incorrectly supplied security answers trigger a lockout mechanism. The first thing to take into consideration when trying to exploit security questions is the number of questions that need to be answered. The majority of applications only need the user to answer a single question, whereas some critical applications may require the user to answer two or even more questions. diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md similarity index 93% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md index 6be39d5431..e869565f08 100644 --- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md 
@@ -19,7 +19,7 @@ For both password change and password reset it is important to check: 1. if users, other than administrators, can change or reset passwords for accounts other than their own. 2. if users can manipulate or subvert the password change or reset process to change or reset the password of another user or administrator. -3. if the password change or reset process is vulnerable to [CSRF](../4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md). +3. if the password change or reset process is vulnerable to [CSRF](../06-Session_Management_Testing/05-Testing_for_CSRF.md). ### Test Password Reset @@ -28,7 +28,7 @@ In addition to the previous checks it is important to verify the following: - What information is required to reset the password? The first step is to check whether secret questions are required. Sending the password (or a password reset link) to the user email address without first asking for a secret question means relying 100% on the security of that email address, which is not suitable if the application needs a high level of security. - On the other hand, if secret questions are used, the next step is to assess their strength. This specific test is discussed in detail in the [Testing for Weak security question/answer](4.5.8_Testing_for_Weak_Security_Question_Answer.md) paragraph of this guide. + On the other hand, if secret questions are used, the next step is to assess their strength. This specific test is discussed in detail in the [Testing for Weak security question/answer](08-Testing_for_Weak_Security_Question_Answer.md) paragraph of this guide. - How are reset passwords communicated to the user? The most insecure scenario here is if the password reset tool shows you the password; this gives the attacker the ability to log into the account, and unless the application provides information about the last log in the victim would not know that their account has been compromised. 
@@ -51,7 +51,7 @@ In addition to the previous test it is important to verify: - Is the old password requested to complete the change? The most insecure scenario here is if the application permits the change of the password without requesting the current password. Indeed if an attacker is able to take control of a valid session they could easily change the victim's password. - See also [Testing for Weak password policy](4.5.7_Testing_for_Weak_Password_Policy.md) paragraph of this guide. + See also [Testing for Weak password policy](07-Testing_for_Weak_Password_Policy.md) paragraph of this guide. ## References diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel.md rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md diff --git a/document/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md new file mode 100644 index 0000000000..25cce75a06 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md 
@@ -0,0 +1,21 @@ +# 4.4 Authentication Testing + +[4.4.1 Testing for Credentials Transported over an Encrypted Channel](01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md) + +[4.4.2 Testing for Default Credentials](02-Testing_for_Default_Credentials.md) + +[4.4.3 Testing for Weak Lock Out Mechanism](03-Testing_for_Weak_Lock_Out_Mechanism.md) + +[4.4.4 Testing for Bypassing Authentication Schema](04-Testing_for_Bypassing_Authentication_Schema.md) + +[4.4.5 Test Remember Password Functionality](05-Testing_for_Vulnerable_Remember_Password.md) + +[4.4.6 Testing for Browser Cache Weaknesses](06-Testing_for_Browser_Cache_Weaknesses.md) + +[4.4.7 Testing for Weak Password Policy](07-Testing_for_Weak_Password_Policy.md) + +[4.4.8 Testing for Weak Security Question/Answer](08-Testing_for_Weak_Security_Question_Answer.md) + +[4.4.9 Testing for Weak Password Change or Reset Functionalities](09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md) + +[4.4.10 Testing for Weaker Authentication in Alternative Channel](10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md) diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-directreq.jpg b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-directreq.jpg rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-parammod.jpg b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-parammod.jpg rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg 
diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sessid.jpg b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sessid.jpg rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sessid2.jpg b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sessid2.jpg rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sqlinj.jpg b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sqlinj.jpg rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sqlinj2.gif b/document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/images/Basm-sqlinj2.gif rename to document/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif 
diff --git a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.1_Testing_Directory_Traversal_File_Include.md b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.1_Testing_Directory_Traversal_File_Include.md rename to document/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include.md diff --git a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.2_Testing_for_Bypassing_Authorization_Schema.md b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.2_Testing_for_Bypassing_Authorization_Schema.md rename to document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md diff --git a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.3_Testing_for_Privilege_Escalation.md b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.3_Testing_for_Privilege_Escalation.md rename to document/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md 
diff --git a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md rename to document/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md index 7155726c8a..7150bc9a0b 100644 --- a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md +++ b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md @@ -45,7 +45,7 @@ Sample request: In this case, the value of the *file* parameter is used to tell the application what file the user intends to retrieve. By providing the name or identifier of a different file (for example file=image00012.jpg) the attacker will be able to retrieve objects belonging to other users. -To test for this case, the tester should obtain a reference the user is not supposed to be able to access and attempt to access it by using it as the value of *file* parameter. Note: This vulnerability is often exploited in conjunction with a directory/path traversal vulnerability (see [Testing for Path Traversal](4.6.1_Testing_Directory_Traversal_File_Include.md)) +To test for this case, the tester should obtain a reference the user is not supposed to be able to access and attempt to access it by using it as the value of *file* parameter. Note: This vulnerability is often exploited in conjunction with a directory/path traversal vulnerability (see [Testing for Path Traversal](01-Testing_Directory_Traversal_File_Include.md)) ### The Value of a Parameter Is Used Directly to Access Application Functionality 
diff --git a/document/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md new file mode 100644 index 0000000000..7cb0700033 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md @@ -0,0 +1,9 @@ +# 4.5 Authorization Testing + +[4.5.1 Testing Directory Traversal/File Include](01-Testing_Directory_Traversal_File_Include.md) + +[4.5.2 Testing for Bypassing Authorization Schema](02-Testing_for_Bypassing_Authorization_Schema.md) + +[4.5.3 Testing for Privilege Escalation](03-Testing_for_Privilege_Escalation.md) + +[4.5.4 Testing for Insecure Direct Object References](04-Testing_for_Insecure_Direct_Object_References.md) diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md index 66d1f602f5..6421e36c15 100644 --- a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md +++ b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md @@ -1,4 +1,3 @@ - # Testing for Session Management Schema |ID | 
@@ -186,7 +185,7 @@ Session token should have a defined time-out (it depends on the criticality of t - secure (set only on HTTPS channel): `Set-Cookie: cookie=data; path=/; domain=.aaa.it; secure` - [HTTPOnly](https://owasp.org/www-community/HttpOnly) (not readable by a script): `Set-Cookie: cookie=data; path=/; domain=.aaa.it; HttpOnly` -More information here: [Testing for cookies attributes](4.7.2_Testing_for_Cookies_Attributes.md) +More information here: [Testing for cookies attributes](02-Testing_for_Cookies_Attributes.md) ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md index e6394e5ec7..de6fdeb3c6 100644 --- a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md +++ b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md 
@@ -1,130 +1,130 @@ -# Testing for Cookies Attributes - -|ID | -|-------------| -|WSTG-SESS-002| - -## Summary - -Cookies are often a key attack vector for malicious users (typically targeting other users) and the application should always take due diligence to protect cookies. This section looks at how an application can take the necessary precautions when assigning cookies, and how to test that these attributes have been correctly configured. - -The importance of secure use of cookies cannot be understated, especially within dynamic web applications, which need to maintain state across a stateless protocol such as HTTP. To understand the importance of cookies it is imperative to understand what they are primarily used for. These primary functions usually consist of being used as a session authorization and authentication tokens, or as a temporary data container. Thus, if an attacker were able to acquire a session token (for example, by exploiting a cross site scripting vulnerability or by sniffing an unencrypted session), then they could use this cookie to hijack a valid session. - -Additionally, cookies are set to maintain state across multiple requests. Since HTTP is stateless, the server cannot determine if a request it receives is part of a current session or the start of a new session without some type of identifier. This identifier is very commonly a cookie although other methods are also possible. There are many different types of applications that need to keep track of session state across multiple requests. A common one that comes to mind would be an online store. As a user adds multiple items to a shopping cart, this data needs to be retained in subsequent requests to the application. 
Cookies are very commonly used for this task and are set by the application using the `Set-Cookie` directive in the application's HTTP response, and is usually in a `name=value` format (if cookies are enabled and if they are supported, as is the case for all modern web browsers). Once an application has told the browser to use a particular cookie, the browser will send this cookie in each subsequent request. A cookie can contain data such as items from an online shopping cart, the price of these items, the quantity of these items, personal information, user IDs, etc. - -Due to the sensitive nature of information in cookies, they are typically encoded or encrypted in an attempt to protect the information they contain. Often, multiple cookies will be set (separated by a semicolon) upon subsequent requests. For example, in the case of an online store, a new cookie could be set as the user adds multiple items to the shopping cart. Additionally, there will typically be a cookie for authentication (session token as indicated above) once the user logs in, and multiple other cookies used to identify the items the user wishes to purchase and their auxiliary information (i.e., price and quantity) in the online store type of application. - -Once the tester has an understanding of how cookies are set, when they are set, what they are used for, why they are used, and their importance, they should take a look at what attributes can be set for a cookie and how to test if they are secure. The following is a list of the attributes that can be set for each cookie and what they mean. The next section will focus on how to test for each attribute. - -- `Secure` - This attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. 
If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text. -- `HttpOnly` - This attribute is used to help prevent attacks such as cross-site scripting, since it does not allow the cookie to be accessed via a client side script such as JavaScript. Note that not all browsers support this functionality. -- `Domain` - This attribute is used to compare against the domain of the server in which the URL is being requested. If the domain matches or if it is a subdomain, then the `path` attribute will be checked next. - -Note that only hosts within the specified domain can set a cookie for that domain. Additionally, the `domain` attribute cannot be a top level domain (such as `.gov` or `.com`) to prevent servers from setting arbitrary cookies for another domain. If the domain attribute is not set, then the host name of the server that generated the cookie is used as the default value of the `domain`. - -For example, if a cookie is set by an application at `app.mydomain.com` with no domain attribute set, then the cookie would be resubmitted for all subsequent requests for `app.mydomain.com` and its subdomains (such as `hacker.app.mydomain.com`), but not to `otherapp.mydomain.com`. If a developer wanted to loosen this restriction, then he could set the `domain` attribute to `mydomain.com`. In this case the cookie would be sent to all requests for `app.mydomain.com` and its subdomains, such as `hacker.app.mydomain.com`, and even `bank.mydomain.com`. If there was a vulnerable server on a subdomain (for example, `otherapp.mydomain.com`) and the `domain` attribute has been set too loosely (for example, `mydomain.com`), then the vulnerable server could be used to harvest cookies (such as session tokens). - -- `Path` - In addition to the domain, the URL path that the cookie is valid for can be specified. If the domain and path match, then the cookie will be sent in the request. 
Just as with the domain attribute, if the path attribute is set too loosely, then it could leave the application vulnerable to attacks by other applications on the same server. For example, if the path attribute was set to the web server root “/”, then the application cookies will be sent to every application within the same domain. -- `Expires` - This attribute is used to set persistent cookies, since the cookie does not expire until the set date is exceeded. This persistent cookie will be used by this browser session and subsequent sessions until the cookie expires. Once the expiration date has exceeded, the browser will delete the cookie. Alternatively, if this attribute is not set, then the cookie is only valid in the current browser session and the cookie will be deleted when the session ends. -- `SameSite` - This attribute is used to assert that a cookie ought not to be sent along with cross-site requests. These features allows the server to mitigate the risk of cross-orgin information leakage. In some cases, is used too as a risk reduction strategy in front of cross-site request forgery attacks. This attribute can be configured in three different modes: - - `Strict`: this value is the most restrictive usage of `SameSite`, allowing the browser to send the cookie only to first-party context without top-level navigation. In other words, the data associated with the cookie will only be sent on the requests matching the current site shown on the browser URL menu bar. The cookie will not be sent on requests generated by third-party websites. This value is especially recommended for actions performed at the same domain. However, it can have some limitations with some session management systems negatively affecting the user navigation experience. Since the browser would not send the cookie on any requests generated from a third-party domain or email, the user would be required to sign in again in even if they already have an authenticated session. 
- - `Lax`: this less restrictive value enables the top-level navigation of the cookie. This means that the cookie will be sent by the browser if the domain in the URL equals the cookie’s domain (first-party) even if the link is coming from a third-party domain. This value is considered by most browsers the default behavior since it provides a better user experience than the `Strict` value. - - `None`: using this value the browser will send the cookie on cross-site requests (the normal behavior before the implementation of `SamseSite`) only if the `Secure` attribute is also used, _e.g._ `SameSite=None; Secure`. - -By design cookies do not have the capabilities to guarantee the integrity and confidentiality of the information stored in them. Those limitations make it impossible for a server to have confidence about how a given cookie's attributes were set at creation. In order to give the servers such features in a backwards-compatible way, the industry has introduced the concept of [`Cookie Name Prefixes`](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00) to facilitate passing such details embedded as part of the cookie name. - -- `__Secure-` - This cookie prefix is less restrictive and can be introduced by adding the case-sensitive string `__Secure-` to the cookie name. While using this prefix both the server and browser would know that the cookie is expected to be created with the `Secure` attribute such as: `Set-Cookie: __Secure-SID=12345; path=/; Secure`. Otherwise, the cookie would not be accepted due to the lack of `Secure` flag or delivery by a secure channel. Any cookie that matches the prefix `__Secure-` would be expected to fulfill the following conditions: - - 1. The cookie must be set with the `Secure` attribute. - 2. The cookie must be set from an URI considered secure by the user agent. - -- `__Host-` - This much more restrictive cookie prefix provides additional requirements added to the ones requested by the `__Secure-` prefix. 
Any cookie that matches the prefix `__Host-` would be expected to fulfill the following conditions: - - 1. The cookie must be set with the `Secure` attribute. - 2. The cookie must be set from an URI considered secure by the user agent. - 3. Sent only to the host who set the cookie and MUST NOT include any `Domain` attribute. - 4. The cookie must be set with the attribute `Path` with a value of "/" so it would be sent to every request to the host. - -For this reason, the cookie `Set-Cookie: __Host-SID=12345; Secure; Path=/` would be accepted while any of the following ones would always be rejected: -`Set-Cookie: __Host-SID=12345` -`Set-Cookie: __Host-SID=12345; Secure` -`Set-Cookie: __Host-SID=12345; Domain=site.example` -`Set-Cookie: __Host-SID=12345; Domain=site.example; Path=/` -`Set-Cookie: __Host-SID=12345; Secure; Domain=site.example; Path=/` - -Putting all this together, we can define the perfect cookie attribute configuration as: `Set-Cookie: __Host-SID=12345; path=/; Secure; HttpOnly; SameSite`. - -## How to Test - -### Testing for Cookie Attribute Vulnerabilities - -By using an intercepting proxy or traffic-intercepting browser plug-in, trap all responses where a cookie is set by the application (using the `Set-Cookie` directive) and inspect the cookie for the following: - -- `Secure`: Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted tunnel. For example, after logging into an application and a session token is set using a cookie, then verify it is tagged using the `Secure` flag. If it is not, then the browser would agree to pass it via an unencrypted channel such as using HTTP, and this could lead to an attacker leading users into submitting their cookie over an insecure channel. - -`Set-Cookie: id=; Secure;` - -- `HttpOnly`: This attribute should always be set even though not every browser supports it. 
This attribute aids in securing the cookie from being accessed by a client side script. It does not eliminate cross site scripting risks but does eliminate some exploitation vectors. Check to see if the `HttpOnly` tag has been set. - -`Set-Cookie: id=; Secure; HttpOnly;` - -- `Domain` - Verify that the domain has not been set too loosely. As noted above, it should only be set for the server that needs to receive the cookie. For example if the application resides on server `app.mysite.com`, then it should be set to `Domain=app.mysite.com` and NOT `Domain=.mysite.com` as this would allow other potentially vulnerable servers to receive the cookie. - -`Set-Cookie: id=; Domain=app.mysite.com;` - -- `Path`: Verify that the `Path` attribute, just as the `Domain` attribute, has not been set too loosely. Even if the `Domain` attribute has been configured as tight as possible, if the path is set to the root directory (`/`), it can be vulnerable to less secure applications on the same server. For example, if the application resides at `/myapp/`, then verify that the cookies path is set to `Path=/myapp/` and NOT `Path=/`. - -`Set-Cookie: id=; Path=/myapp/;` - -- `Expires`: If this attribute is set to a time in the future, verify that the cookie does not contain any sensitive information. For example, if a cookie is set to `Expires=Sun, 31-Jul-2016 13:45:29 GMT` and it is currently July 31st 2014, then the tester should inspect the cookie. If the cookie is a session token that is stored on the user's hard drive, then an attacker or local user (such as an admin) who has access to this cookie can access the application by resubmitting this token until the expiration date passes. - -`Set-Cookie: id=; Expires=Wed, 6 May 2020 07:28:00 GMT;` - -- `SameSite`: Verify that the cookie has the `SameSite` attribute defined with a value that aligns with business logic. 
As a general recommendation, the cookies used to store data used inside the scope of the application that creates it should be set to `SameSite=Strict`. Cookies used for session management should be `SameSite=Lax`. Any cookie that needs to be sent cross-origin should be created with the attribute `SameSite=None`. - - - `Set-Cookie: id=; SameSite=Strict;` - - `Set-Cookie: id=; SameSite=Lax;` - - `Set-Cookie: id=; SameSite=None; Secure;` - -### Testing for Cookie Authentication Replay - -Some vulnerable sites are only using cookie sessions as a single authentication token. On those cases, an attacker able to steal the valid authentication cookies would be able to impersonate the user session until the cookie expiration date. The most common attack vectors in order to steal the authentication Cookies from the users are malware, Javascript injection and Man-in-the-middle attacks. - -Therefore, the following testing steps can help to identify if the website simply use cookie for authentication token without other checking on web site. - -1. Use Chrome Extension Cookie Editor (i.e. Chrome EditThisCookie) to view existing cookie key-value pair. -2. Use Chrome Login the target testing website. -3. Use Chrome Extension Cookie Editor to view the cookie again. Identify those newly added or updated cookies. These can be potentialy vulnerable authentication cookies. -4. Use Firefox to visit the target testing website and manually add all previous new identified cookies by FireFox Cookie Editor (i.e. Firefox Extension Advanced Cookie Manager) -5. Check Firefox browser exisitng website login status to see if current web page can get authenticated and logged in without username and password. If that's true, it means that the website is vulnerable too `Cookie Authentication Replay`. - -## Remediation - -- Securely encrypt all the communications between the server and the browser to reduce cookie interception risk by Man-in-the-middle attacks. 
-- Implement multiple session identifiers apart from the cookie session ID. (For example: last IP address, the browser's User-Agent, etc.) -- Once creating the cookie, set up the shortest expiration time as possible. -- Invalidate the cookie after some time of inactivity or when the user logs out. - -## Tools - -### Intercepting Proxy - -- [OWASP Zed Attack Proxy Project](https://www.zaproxy.org) -- [Web Proxy Burp Suite](https://portswigger.net) - -### Browser Plug-in - -- [Tamper Data for FF Quantum](https://addons.mozilla.org/en-US/firefox/addon/tamper-data-for-ff-quantum/) -- [“FireSheep” for FireFox](https://github.com/codebutler/firesheep) -- [“EditThisCookie” for Chrome](https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en) -- [“Cookiebro - Cookie Manager” for FireFox](https://addons.mozilla.org/en-US/firefox/addon/cookiebro/) - -## References - -### Whitepapers - -- [RFC 2965 - HTTP State Management Mechanism](https://tools.ietf.org/html/rfc2965) -- [RFC 2616 – Hypertext Transfer Protocol – HTTP 1.1](https://tools.ietf.org/html/rfc2616) -- [Same-Site Cookies - draft-ietf-httpbis-cookie-same-site-00](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00) -- [The important “expires” attribute of Set-Cookie](https://seckb.yehg.net/2012/02/important-expires-attribute-of-set.html) -- [HttpOnly Session ID in URL and Page Body](https://seckb.yehg.net/2012/06/httponly-session-id-in-url-and-page.html) +# Testing for Cookies Attributes + +|ID | +|-------------| +|WSTG-SESS-002| + +## Summary + +Cookies are often a key attack vector for malicious users (typically targeting other users) and the application should always take due diligence to protect cookies. This section looks at how an application can take the necessary precautions when assigning cookies, and how to test that these attributes have been correctly configured. 
+ +The importance of secure use of cookies cannot be understated, especially within dynamic web applications, which need to maintain state across a stateless protocol such as HTTP. To understand the importance of cookies it is imperative to understand what they are primarily used for. These primary functions usually consist of being used as a session authorization and authentication tokens, or as a temporary data container. Thus, if an attacker were able to acquire a session token (for example, by exploiting a cross site scripting vulnerability or by sniffing an unencrypted session), then they could use this cookie to hijack a valid session. + +Additionally, cookies are set to maintain state across multiple requests. Since HTTP is stateless, the server cannot determine if a request it receives is part of a current session or the start of a new session without some type of identifier. This identifier is very commonly a cookie although other methods are also possible. There are many different types of applications that need to keep track of session state across multiple requests. A common one that comes to mind would be an online store. As a user adds multiple items to a shopping cart, this data needs to be retained in subsequent requests to the application. Cookies are very commonly used for this task and are set by the application using the `Set-Cookie` directive in the application's HTTP response, and is usually in a `name=value` format (if cookies are enabled and if they are supported, as is the case for all modern web browsers). Once an application has told the browser to use a particular cookie, the browser will send this cookie in each subsequent request. A cookie can contain data such as items from an online shopping cart, the price of these items, the quantity of these items, personal information, user IDs, etc. 
+ +Due to the sensitive nature of information in cookies, they are typically encoded or encrypted in an attempt to protect the information they contain. Often, multiple cookies will be set (separated by a semicolon) upon subsequent requests. For example, in the case of an online store, a new cookie could be set as the user adds multiple items to the shopping cart. Additionally, there will typically be a cookie for authentication (session token as indicated above) once the user logs in, and multiple other cookies used to identify the items the user wishes to purchase and their auxiliary information (i.e., price and quantity) in the online store type of application. + +Once the tester has an understanding of how cookies are set, when they are set, what they are used for, why they are used, and their importance, they should take a look at what attributes can be set for a cookie and how to test if they are secure. The following is a list of the attributes that can be set for each cookie and what they mean. The next section will focus on how to test for each attribute. + +- `Secure` - This attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text. +- `HttpOnly` - This attribute is used to help prevent attacks such as cross-site scripting, since it does not allow the cookie to be accessed via a client side script such as JavaScript. Note that not all browsers support this functionality. +- `Domain` - This attribute is used to compare against the domain of the server in which the URL is being requested. If the domain matches or if it is a subdomain, then the `path` attribute will be checked next. + +Note that only hosts within the specified domain can set a cookie for that domain. 
Additionally, the `domain` attribute cannot be a top level domain (such as `.gov` or `.com`) to prevent servers from setting arbitrary cookies for another domain. If the domain attribute is not set, then the host name of the server that generated the cookie is used as the default value of the `domain`. + +For example, if a cookie is set by an application at `app.mydomain.com` with no domain attribute set, then the cookie would be resubmitted for all subsequent requests for `app.mydomain.com` and its subdomains (such as `hacker.app.mydomain.com`), but not to `otherapp.mydomain.com`. If a developer wanted to loosen this restriction, then he could set the `domain` attribute to `mydomain.com`. In this case the cookie would be sent to all requests for `app.mydomain.com` and its subdomains, such as `hacker.app.mydomain.com`, and even `bank.mydomain.com`. If there was a vulnerable server on a subdomain (for example, `otherapp.mydomain.com`) and the `domain` attribute has been set too loosely (for example, `mydomain.com`), then the vulnerable server could be used to harvest cookies (such as session tokens). + +- `Path` - In addition to the domain, the URL path that the cookie is valid for can be specified. If the domain and path match, then the cookie will be sent in the request. Just as with the domain attribute, if the path attribute is set too loosely, then it could leave the application vulnerable to attacks by other applications on the same server. For example, if the path attribute was set to the web server root “/”, then the application cookies will be sent to every application within the same domain. +- `Expires` - This attribute is used to set persistent cookies, since the cookie does not expire until the set date is exceeded. This persistent cookie will be used by this browser session and subsequent sessions until the cookie expires. Once the expiration date has exceeded, the browser will delete the cookie. 
Alternatively, if this attribute is not set, then the cookie is only valid in the current browser session and the cookie will be deleted when the session ends. +- `SameSite` - This attribute is used to assert that a cookie ought not to be sent along with cross-site requests. These features allows the server to mitigate the risk of cross-orgin information leakage. In some cases, is used too as a risk reduction strategy in front of cross-site request forgery attacks. This attribute can be configured in three different modes: + - `Strict`: this value is the most restrictive usage of `SameSite`, allowing the browser to send the cookie only to first-party context without top-level navigation. In other words, the data associated with the cookie will only be sent on the requests matching the current site shown on the browser URL menu bar. The cookie will not be sent on requests generated by third-party websites. This value is especially recommended for actions performed at the same domain. However, it can have some limitations with some session management systems negatively affecting the user navigation experience. Since the browser would not send the cookie on any requests generated from a third-party domain or email, the user would be required to sign in again in even if they already have an authenticated session. + - `Lax`: this less restrictive value enables the top-level navigation of the cookie. This means that the cookie will be sent by the browser if the domain in the URL equals the cookie’s domain (first-party) even if the link is coming from a third-party domain. This value is considered by most browsers the default behavior since it provides a better user experience than the `Strict` value. + - `None`: using this value the browser will send the cookie on cross-site requests (the normal behavior before the implementation of `SamseSite`) only if the `Secure` attribute is also used, _e.g._ `SameSite=None; Secure`. 
+ +By design cookies do not have the capabilities to guarantee the integrity and confidentiality of the information stored in them. Those limitations make it impossible for a server to have confidence about how a given cookie's attributes were set at creation. In order to give the servers such features in a backwards-compatible way, the industry has introduced the concept of [`Cookie Name Prefixes`](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00) to facilitate passing such details embedded as part of the cookie name. + +- `__Secure-` - This cookie prefix is less restrictive and can be introduced by adding the case-sensitive string `__Secure-` to the cookie name. While using this prefix both the server and browser would know that the cookie is expected to be created with the `Secure` attribute such as: `Set-Cookie: __Secure-SID=12345; path=/; Secure`. Otherwise, the cookie would not be accepted due to the lack of `Secure` flag or delivery by a secure channel. Any cookie that matches the prefix `__Secure-` would be expected to fulfill the following conditions: + + 1. The cookie must be set with the `Secure` attribute. + 2. The cookie must be set from an URI considered secure by the user agent. + +- `__Host-` - This much more restrictive cookie prefix provides additional requirements added to the ones requested by the `__Secure-` prefix. Any cookie that matches the prefix `__Host-` would be expected to fulfill the following conditions: + + 1. The cookie must be set with the `Secure` attribute. + 2. The cookie must be set from an URI considered secure by the user agent. + 3. Sent only to the host who set the cookie and MUST NOT include any `Domain` attribute. + 4. The cookie must be set with the attribute `Path` with a value of "/" so it would be sent to every request to the host. 
+ +For this reason, the cookie `Set-Cookie: __Host-SID=12345; Secure; Path=/` would be accepted while any of the following ones would always be rejected: +`Set-Cookie: __Host-SID=12345` +`Set-Cookie: __Host-SID=12345; Secure` +`Set-Cookie: __Host-SID=12345; Domain=site.example` +`Set-Cookie: __Host-SID=12345; Domain=site.example; Path=/` +`Set-Cookie: __Host-SID=12345; Secure; Domain=site.example; Path=/` + +Putting all this together, we can define the perfect cookie attribute configuration as: `Set-Cookie: __Host-SID=12345; path=/; Secure; HttpOnly; SameSite`. + +## How to Test + +### Testing for Cookie Attribute Vulnerabilities + +By using an intercepting proxy or traffic-intercepting browser plug-in, trap all responses where a cookie is set by the application (using the `Set-Cookie` directive) and inspect the cookie for the following: + +- `Secure`: Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted tunnel. For example, after logging into an application and a session token is set using a cookie, then verify it is tagged using the `Secure` flag. If it is not, then the browser would agree to pass it via an unencrypted channel such as using HTTP, and this could lead to an attacker leading users into submitting their cookie over an insecure channel. + +`Set-Cookie: id=; Secure;` + +- `HttpOnly`: This attribute should always be set even though not every browser supports it. This attribute aids in securing the cookie from being accessed by a client side script. It does not eliminate cross site scripting risks but does eliminate some exploitation vectors. Check to see if the `HttpOnly` tag has been set. + +`Set-Cookie: id=; Secure; HttpOnly;` + +- `Domain` - Verify that the domain has not been set too loosely. As noted above, it should only be set for the server that needs to receive the cookie. 
For example if the application resides on server `app.mysite.com`, then it should be set to `Domain=app.mysite.com` and NOT `Domain=.mysite.com` as this would allow other potentially vulnerable servers to receive the cookie. + +`Set-Cookie: id=; Domain=app.mysite.com;` + +- `Path`: Verify that the `Path` attribute, just as the `Domain` attribute, has not been set too loosely. Even if the `Domain` attribute has been configured as tight as possible, if the path is set to the root directory (`/`), it can be vulnerable to less secure applications on the same server. For example, if the application resides at `/myapp/`, then verify that the cookies path is set to `Path=/myapp/` and NOT `Path=/`. + +`Set-Cookie: id=; Path=/myapp/;` + +- `Expires`: If this attribute is set to a time in the future, verify that the cookie does not contain any sensitive information. For example, if a cookie is set to `Expires=Sun, 31-Jul-2016 13:45:29 GMT` and it is currently July 31st 2014, then the tester should inspect the cookie. If the cookie is a session token that is stored on the user's hard drive, then an attacker or local user (such as an admin) who has access to this cookie can access the application by resubmitting this token until the expiration date passes. + +`Set-Cookie: id=; Expires=Wed, 6 May 2020 07:28:00 GMT;` + +- `SameSite`: Verify that the cookie has the `SameSite` attribute defined with a value that aligns with business logic. As a general recommendation, the cookies used to store data used inside the scope of the application that creates it should be set to `SameSite=Strict`. Cookies used for session management should be `SameSite=Lax`. Any cookie that needs to be sent cross-origin should be created with the attribute `SameSite=None`. 
+ + - `Set-Cookie: id=; SameSite=Strict;` + - `Set-Cookie: id=; SameSite=Lax;` + - `Set-Cookie: id=; SameSite=None; Secure;` + +### Testing for Cookie Authentication Replay + +Some vulnerable sites are only using cookie sessions as a single authentication token. On those cases, an attacker able to steal the valid authentication cookies would be able to impersonate the user session until the cookie expiration date. The most common attack vectors in order to steal the authentication Cookies from the users are malware, Javascript injection and Man-in-the-middle attacks. + +Therefore, the following testing steps can help to identify if the website simply use cookie for authentication token without other checking on web site. + +1. Use Chrome Extension Cookie Editor (i.e. Chrome EditThisCookie) to view existing cookie key-value pair. +2. Use Chrome Login the target testing website. +3. Use Chrome Extension Cookie Editor to view the cookie again. Identify those newly added or updated cookies. These can be potentialy vulnerable authentication cookies. +4. Use Firefox to visit the target testing website and manually add all previous new identified cookies by FireFox Cookie Editor (i.e. Firefox Extension Advanced Cookie Manager) +5. Check Firefox browser exisitng website login status to see if current web page can get authenticated and logged in without username and password. If that's true, it means that the website is vulnerable too `Cookie Authentication Replay`. + +## Remediation + +- Securely encrypt all the communications between the server and the browser to reduce cookie interception risk by Man-in-the-middle attacks. +- Implement multiple session identifiers apart from the cookie session ID. (For example: last IP address, the browser's User-Agent, etc.) +- Once creating the cookie, set up the shortest expiration time as possible. +- Invalidate the cookie after some time of inactivity or when the user logs out. 
+ +## Tools + +### Intercepting Proxy + +- [OWASP Zed Attack Proxy Project](https://www.zaproxy.org) +- [Web Proxy Burp Suite](https://portswigger.net) + +### Browser Plug-in + +- [Tamper Data for FF Quantum](https://addons.mozilla.org/en-US/firefox/addon/tamper-data-for-ff-quantum/) +- [“FireSheep” for FireFox](https://github.com/codebutler/firesheep) +- [“EditThisCookie” for Chrome](https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en) +- [“Cookiebro - Cookie Manager” for FireFox](https://addons.mozilla.org/en-US/firefox/addon/cookiebro/) + +## References + +### Whitepapers + +- [RFC 2965 - HTTP State Management Mechanism](https://tools.ietf.org/html/rfc2965) +- [RFC 2616 – Hypertext Transfer Protocol – HTTP 1.1](https://tools.ietf.org/html/rfc2616) +- [Same-Site Cookies - draft-ietf-httpbis-cookie-same-site-00](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00) +- [The important “expires” attribute of Set-Cookie](https://seckb.yehg.net/2012/02/important-expires-attribute-of-set.html) +- [HttpOnly Session ID in URL and Page Body](https://seckb.yehg.net/2012/06/httponly-session-id-in-url-and-page.html) diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.3_Testing_for_Session_Fixation.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.3_Testing_for_Session_Fixation.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation.md 
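Review bot: In the `Domain` bullet of the new Cookies Attributes content, the guidance stops at `Domain=app.mysite.com`, but the tightest setting is to omit the `Domain` attribute altogether: under RFC 6265 a cookie carrying `Domain=app.mysite.com` is also sent to subdomains of that host, whereas a host-only cookie (no `Domain`) is returned only to `app.mysite.com`, and a leading dot as in `.mysite.com` is ignored by the parser, so that example is equivalent to `Domain=mysite.com`. One sentence saying so would keep the "as tight as possible" advice accurate. In the References, RFC 2965 and RFC 2616 are both obsolete (superseded by RFC 6265 and RFC 7230-7235); cite the current documents. Typos in the Cookie Authentication Replay section while it is being added: "potentialy", "exisitng", "Javascript", "On those cases", "vulnerable too `Cookie Authentication Replay`" (should be "to"), and "simply use cookie for authentication token without other checking on web site" needs rewording.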
diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.4_Testing_for_Exposed_Session_Variables.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.4_Testing_for_Exposed_Session_Variables.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.md diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_CSRF.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_CSRF.md index b562fb41dc..f458b0bd90 100644 --- a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md +++ b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_CSRF.md @@ -24,7 +24,7 @@ Points 1, 2, and 3 are essential for the vulnerability to be present, while poin For simplicity's sake, consider GET-accessible URLs (though the discussion applies as well to POST requests). If *victim* has already authenticated themselves, submitting another request causes the cookie to be automatically sent with it. The figure below illustrates the user accessing an application on `www.example.com`. ![Session Riding](images/Session_riding.GIF)\ -*Figure 4.7.5-1:Session Riding* +*Figure 4.6.5-1:Session Riding* The GET request could be sent by the user in several different ways: 
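Review bot: While this hunk rewrites the caption, `*Figure 4.6.5-1:Session Riding*` is missing the space after the colon that the other chapters' captions use (e.g. `*Figure 4.7.1-1: XSS Example 1*`); suggest `*Figure 4.6.5-1: Session Riding*`, and the same for the `-2` and `-3` captions in the two hunks that follow.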
@@ -79,7 +79,7 @@ To delete all rules: This example is intentionally naive, but shows in a simplified way the dangers of CSRF. ![Session Riding Firewall Management](images/Session_Riding_Firewall_Management.gif)\ -*Figure 4.7.5-2:Session Riding Firewall Management* +*Figure 4.6.5-2:Session Riding Firewall Management* Using the form pictured in the figure above, entering the value `*` and clicking the Delete button will submit the following GET request: @@ -88,7 +88,7 @@ Using the form pictured in the figure above, entering the value `*` and clicking This would delete all firewall rules. ![Session Riding Firewall Management 2](images/Session_Riding_Firewall_Management_2.gif)\ -*Figure 4.7.5-3:Session Riding Firewall Management 2* +*Figure 4.6.5-3:Session Riding Firewall Management 2* The user might also have accomplished the same results by manually submitting the URL: diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.6_Testing_for_Logout_Functionality.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/06-Testing_for_Logout_Functionality.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.6_Testing_for_Logout_Functionality.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/06-Testing_for_Logout_Functionality.md diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md index c347659ba9..8d7880c648 100644 
--- a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md +++ b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md @@ -22,7 +22,7 @@ The most common scenario for this kind of attack is a public computer that is us ### Black-Box Testing -The same approach seen in the [Testing for logout functionality](4.7.6_Testing_for_Logout_Functionality.md) section can be applied when measuring the timeout log out. +The same approach seen in the [Testing for logout functionality](06-Testing_for_Logout_Functionality.md) section can be applied when measuring the timeout log out. The testing methodology is very similar. First, testers have to check whether a timeout exists, for instance, by logging in and waiting for the timeout log out to be triggered. As in the log out function, after the timeout has passed, all session tokens should be destroyed or be unusable. Then, if the timeout is configured, testers need to understand whether the timeout is enforced by the client or by the server (or both). If the session cookie is non-persistent (or, more in general, the session cookie does not store any data about the time), testers can assume that the timeout is enforced by the server. If the session cookie contains some time related data (e.g., log in time, or last access time, or expiration date for a persistent cookie), then it's possible that the client is involved in the timeout enforcing. In this case, testers could try to modify the cookie (if it's not cryptographically protected) and see what happens to the session. For instance, testers can set the cookie expiration date far in the future and see whether the session can be prolonged. 
diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.8_Testing_for_Session_Puzzling.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/08-Testing_for_Session_Puzzling.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.8_Testing_for_Session_Puzzling.md rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/08-Testing_for_Session_Puzzling.md diff --git a/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md new file mode 100644 index 0000000000..9d51b0ca14 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md @@ -0,0 +1,17 @@ +# 4.6 Session Management Testing + +[4.6.1 Testing for Bypassing Session Management Schema](01-Testing_for_Session_Management_Schema.md) + +[4.6.2 Testing for Cookies Attributes](02-Testing_for_Cookies_Attributes.md) + +[4.6.3 Testing for Session Fixation](03-Testing_for_Session_Fixation.md) + +[4.6.4 Testing for Exposed Session Variables](04-Testing_for_Exposed_Session_Variables.md) + +[4.6.5 Testing for Cross Site Request Forgery (CSRF)](05-Testing_for_CSRF.md) + +[4.6.6 Testing for Logout Functionality](06-Testing_for_Logout_Functionality.md) + +[4.6.7 Test Session Timeout](07-Testing_Session_Timeout.md) + +[4.6.8 Testing for Session Puzzling](08-Testing_for_Session_Puzzling.md) 
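Review bot: In the new Session Management README, the entry `[4.6.7 Test Session Timeout](07-Testing_Session_Timeout.md)` is the only one whose title does not follow the "Testing ..." pattern of its siblings or of the renamed file; suggest `4.6.7 Testing for Session Timeout`.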
diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/images/Session_Riding_Firewall_Management.gif b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_Riding_Firewall_Management.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/images/Session_Riding_Firewall_Management.gif rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_Riding_Firewall_Management.gif diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/images/Session_Riding_Firewall_Management_2.gif b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_Riding_Firewall_Management_2.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/images/Session_Riding_Firewall_Management_2.gif rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_Riding_Firewall_Management_2.gif diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/images/Session_riding.GIF b/document/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF similarity index 100% rename from document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/images/Session_riding.GIF rename to document/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md index 0ed5ab83e7..abe89a04ab 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md @@ -66,7 +66,7 @@ Ideally all HTML special characters will be replaced with HTML entities. The key For example, consider a site that has a welcome notice `Welcome %username%` and a download link. ![XSS Example 1](images/XSS_Example1.png)\ -*Figure 4.8.1-1: XSS Example 1* +*Figure 4.7.1-1: XSS Example 1* The tester must suspect that every data entry point can result in an XSS attack. To analyze it, the tester will play with the user variable and try to trigger the vulnerability. @@ -77,7 +77,7 @@ Let's try to click on the following link and see what happens: If no sanitization is applied this will result in the following popup: ![Alert](images/Alert.png)\ -*Figure 4.8.1-2: XSS Example 1* +*Figure 4.7.1-2: XSS Example 1* This indicates that there is an XSS vulnerability and it appears that the tester can execute code of his choice in anybody's browser if he clicks on the tester's link. 
@@ -93,7 +93,7 @@ AllLinks[0].href = "http://badexample.com/malicious.exe"; } This produces the following behavior: ![XSS Example 2](images/XSS_Example2.png)\ -*Figure 4.8.1-3: XSS Example 2* +*Figure 4.7.1-3: XSS Example 2* This will cause the user, clicking on the link supplied by the tester, to download the file malicious.exe from a site he controls. 
@@ -162,7 +162,7 @@ This will exploit the reflected cross site scripting vulnerability shown before, #### Example 7: HTTP Parameter Pollution (HPP) -Another method to bypass filters is the HTTP Parameter Pollution, this technique was first presented by Stefano di Paola and Luca Carettoni in 2009 at the OWASP Poland conference. See the [Testing for HTTP Parameter pollution](4.8.4_Testing_for_HTTP_Parameter_Pollution.md) for more information. This evasion technique consists of splitting an attack vector between multiple parameters that have the same name. The manipulation of the value of each parameter depends on how each web technology is parsing these parameters, so this type of evasion is not always possible. If the tested environment concatenates the values of all parameters with the same name, then an attacker could use this technique in order to bypass pattern- based security mechanisms. +Another method to bypass filters is the HTTP Parameter Pollution, this technique was first presented by Stefano di Paola and Luca Carettoni in 2009 at the OWASP Poland conference. See the [Testing for HTTP Parameter pollution](04-Testing_for_HTTP_Parameter_Pollution.md) for more information. This evasion technique consists of splitting an attack vector between multiple parameters that have the same name. The manipulation of the value of each parameter depends on how each web technology is parsing these parameters, so this type of evasion is not always possible. If the tested environment concatenates the values of all parameters with the same name, then an attacker could use this technique in order to bypass pattern- based security mechanisms. Regular attack: `http://example/page.php?param=` 
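Review bot: Since this hunk rewrites the whole HPP paragraph, fix the stray split `pattern- based` to `pattern-based` and the comma splice `the HTTP Parameter Pollution, this technique was first presented` (e.g. `HTTP Parameter Pollution. This technique was first presented`) while touching it.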
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.2_Testing_for_Stored_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.2_Testing_for_Stored_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md index b462ff2533..15331ff561 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.2_Testing_for_Stored_Cross_Site_Scripting.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md @@ -34,7 +34,7 @@ Stored XSS is particularly dangerous in application areas where users with high ### Black-Box Testing -The process for identifying stored XSS vulnerabilities is similar to the process described during the [testing for reflected XSS](4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md). +The process for identifying stored XSS vulnerabilities is similar to the process described during the [testing for reflected XSS](01-Testing_for_Reflected_Cross_Site_Scripting.md). #### Input Forms @@ -57,7 +57,7 @@ Input stored by the application is normally used in HTML tags, but it can also b **Example**: Email stored data in index2.php ![Stored Input Example](images/Stored_input_example.jpg)\ -*Figure 4.8.2-1:Stored Input Example* +*Figure 4.7.2-1:Stored Input Example* The HTML code of index2.php where the email value is located: 
@@ -81,7 +81,7 @@ This involves testing the input validation and filtering controls of the applica Ensure the input is submitted through the application. This normally involves disabling JavaScript if client-side security controls are implemented or modifying the HTTP request with a web proxy. It is also important to test the same injection with both HTTP GET and POST requests. The above injection results in a popup window containing the cookie values. > ![Stored XSS Exxample](images/Stored_xss_example.jpg)\ -> *Figure 4.8.2-2:Stored Input Example* +> *Figure 4.7.2-2:Stored Input Example* > > The HTML code following the injection: 
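Review bot: The image line in this hunk's context has the alt text `Stored XSS Exxample` (typo), and the renumbered caption `*Figure 4.7.2-2:Stored Input Example*` repeats Figure 4.7.2-1's title even though the surrounding text says this figure shows the popup with the cookie values; suggest `*Figure 4.7.2-2: Stored XSS Example*`, with the space after the colon that the other chapters use (the spacing point also applies to the `4.7.2-1` and `4.7.2-3` captions in the neighbouring hunks).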
> @@ -89,7 +89,7 @@ Ensure the input is submitted through the application. This normally involves di > > ``` > -> The input is stored and the XSS payload is executed by the browser when reloading the page. If the input is escaped by the application, testers should test the application for XSS filters. For instance, if the string “SCRIPT” is replaced by a space or by a NULL character then this could be a potential sign of XSS filtering in action. Many techniques exist in order to evade input filters (see [testing for reflected XSS](4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md)) chapter). It is strongly recommended that testers refer to [XSS Filter Evasion](https://owasp.org/www-community/xss-filter-evasion-cheatsheet) and [Mario](https://cybersecurity.wtf/encoder/) XSS Cheat pages, which provide an extensive list of XSS attacks and filtering bypasses. Refer to the whitepapers and tools section for more detailed information. +> The input is stored and the XSS payload is executed by the browser when reloading the page. If the input is escaped by the application, testers should test the application for XSS filters. For instance, if the string “SCRIPT” is replaced by a space or by a NULL character then this could be a potential sign of XSS filtering in action. Many techniques exist in order to evade input filters (see [testing for reflected XSS](01-Testing_for_Reflected_Cross_Site_Scripting.md)) chapter). It is strongly recommended that testers refer to [XSS Filter Evasion](https://owasp.org/www-community/xss-filter-evasion-cheatsheet) and [Mario](https://cybersecurity.wtf/encoder/) XSS Cheat pages, which provide an extensive list of XSS attacks and filtering bypasses. Refer to the whitepapers and tools section for more detailed information. #### Leverage Stored XSS with BeEF 
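Review bot: The rewritten line keeps an unbalanced closing parenthesis in `(see [testing for reflected XSS](01-Testing_for_Reflected_Cross_Site_Scripting.md)) chapter).`; it should read `(see the [testing for reflected XSS](01-Testing_for_Reflected_Cross_Site_Scripting.md) chapter).`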
@@ -110,7 +110,7 @@ The JavaScript hook can be injected by exploiting the XSS vulnerability in the w When the user loads the page index2.php, the script hook.js is executed by the browser. It is then possible to access cookies, user screenshot, user clipboard, and launch complex XSS attacks. > ![Beef Injection Example](images/RubyBeef.png)\ -> *Figure 4.8.2-3:Beef Injection Example* +> *Figure 4.7.2-3:Beef Injection Example* > > This attack is particularly effective in vulnerable pages that are viewed by many users with different privileges. diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.3_Testing_for_HTTP_Verb_Tampering.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.3_Testing_for_HTTP_Verb_Tampering.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md index ac28c05029..b0e1a84468 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.3_Testing_for_HTTP_Verb_Tampering.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md @@ -128,7 +128,7 @@ This example is written using the netcat package from openbsd (standard with mos An example of a failed test (ie, the server supports OPTIONS despite no need for it): ![OPTIONS Verb Tampering](images/OPTIONS_verb_tampering.png)\ - *Figure 4.8.3-1: OPTIONS Verb Tampering* + *Figure 4.7.3-1: OPTIONS Verb Tampering* ### Automated HTTP Verb Tampering Testing 
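Review bot: In the HTTP Verb Tampering hunk, the caption line `+ *Figure 4.7.3-1: OPTIONS Verb Tampering*` keeps a leading space before the asterisk, unlike every other figure caption in this patch; drop it for consistency since the line is being rewritten anyway.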
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.4_Testing_for_HTTP_Parameter_Pollution.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.4_Testing_for_HTTP_Parameter_Pollution.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.1_Testing_for_Oracle.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.1_Testing_for_Oracle.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.2_Testing_for_MySQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.2_Testing_for_MySQL.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md index 4884b01c13..f506d87c17 100644 
--- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.2_Testing_for_MySQL.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md @@ -19,7 +19,7 @@ MySQL comes with at least four versions which are used in production worldwide, It should be noted that for MySQL versions before 4.0.x, only Boolean or time-based Blind Injection attacks could be used, since the subquery functionality or `UNION` statements were not implemented. -From now on, we will assume that there is a classic SQL injection vulnerability, which can be triggered by a request similar to the the one described in the Section on [Testing for SQL Injection](4.8.5_Testing_for_SQL_Injection.md). +From now on, we will assume that there is a classic SQL injection vulnerability, which can be triggered by a request similar to the the one described in the Section on [Testing for SQL Injection](05-Testing_for_SQL_Injection.md). `http://www.example.com/page.php?id=2` diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.3_Testing_for_SQL_Server.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.3_Testing_for_SQL_Server.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md index dd115fbfac..872c3f2bbd 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.3_Testing_for_SQL_Server.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md 
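Review bot: In the Testing for MySQL hunk, the rewritten sentence keeps the doubled article in `similar to the the one described`; fix to `similar to the one described` while the line is being changed.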
@@ -219,7 +219,7 @@ Other options for out of band attacks are described in [Sample 4 above](#Example #### Trial and Error -Alternatively, one may play lucky. That is the attacker may assume that there is a blind or out-of-band SQL injection vulnerability in a the web application. He will then select an attack vector (e.g., a web entry), [use fuzz vectors](../AppxC_Fuzz_Vectors/Appx.C_Fuzz_Vectors.md) against this channel and watch the response. For example, if the web application is looking for a book using a query +Alternatively, one may play lucky. That is the attacker may assume that there is a blind or out-of-band SQL injection vulnerability in a the web application. He will then select an attack vector (e.g., a web entry), [use fuzz vectors](../AppxC_Fuzz_Vectors/README.md) against this channel and watch the response. For example, if the web application is looking for a book using a query ```sql select * from books where title="text entered by the user" diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.4_Testing_PostgreSQL.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.4_Testing_PostgreSQL.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md index 52cfb186da..eca54e5c7b 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.4_Testing_PostgreSQL.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md 
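Review bot: In the Testing for SQL Server hunk, the rewritten line keeps `in a the web application` (drop `a`) and `one may play lucky` (`get lucky`); fix both while the line is being touched.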
@@ -237,7 +237,7 @@ Plperl allows us to code PostgreSQL functions in perl. Normally, it is installed ## References -- [Testing for SQL Injection](4.8.5_Testing_for_SQL_Injection.md) +- [Testing for SQL Injection](05-Testing_for_SQL_Injection.md) - [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) - [PostgreSQL Official Documentation](https://www.postgresql.org/docs/) diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.5_Testing_for_MS_Access.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.5_Testing_for_MS_Access.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.6_Testing_for_NoSQL_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md similarity index 95% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.6_Testing_for_NoSQL_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md index 69ce5f5da5..1e13162a58 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.6_Testing_for_NoSQL_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md 
@@ -54,7 +54,7 @@ Even if a query depended on no user input, such as the following example, an att `db.myCollection.find( { $where: function() { return obj.credits - obj.debits < 0; } } );` -One way to potentially assign data to PHP variables is via HTTP Parameter Pollution (see: [Testing for HTTP Parameter pollution](4.8.4_Testing_for_HTTP_Parameter_Pollution.md)). By creating a variable named `$where` via parameter pollution, one could trigger a MongoDB error indicating that the query is no longer valid. Any value of `$where` other than the string `$where` itself, should suffice to demonstrate vulnerability. An attacker would develop a full exploit by inserting the following: +One way to potentially assign data to PHP variables is via HTTP Parameter Pollution (see: [Testing for HTTP Parameter pollution](04-Testing_for_HTTP_Parameter_Pollution.md)). By creating a variable named `$where` via parameter pollution, one could trigger a MongoDB error indicating that the query is no longer valid. Any value of `$where` other than the string `$where` itself, should suffice to demonstrate vulnerability. An attacker would develop a full exploit by inserting the following: `$where: function() { //arbitrary JavaScript here }` diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.7_Testing_for_ORM_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7_Testing_for_ORM_Injection.md similarity index 92% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.7_Testing_for_ORM_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7_Testing_for_ORM_Injection.md index 005db31285..cf6f4d5a6d 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.7_Testing_for_ORM_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7_Testing_for_ORM_Injection.md 
@@ -12,11 +12,11 @@ ORM layers can be prone to vulnerabilities, as they extend the surface of attack ### Identify the ORM Layer -To effeciently test and understand what's happening between your requests and the backend queries, and as with everything related to conducting proper testing, it is essential to identify the technology being used. By following the [information gathering](../4.2_Information_Gathering/README.md) chapter, you should be aware of the technology being used by the application at hand. Check this [list mapping languages to their respective ORMs](https://en.wikipedia.org/wiki/List_of_object-relational_mapping_software). +To effeciently test and understand what's happening between your requests and the backend queries, and as with everything related to conducting proper testing, it is essential to identify the technology being used. By following the [information gathering](../01-Information_Gathering/README.md) chapter, you should be aware of the technology being used by the application at hand. Check this [list mapping languages to their respective ORMs](https://en.wikipedia.org/wiki/List_of_object-relational_mapping_software). ### Abusing the ORM Layer -After identifying the possible ORM being used, it becomes essential to understand how its parser is functioning, and study methods to abuse it, or even maybe if the application is using an old version, identify CVEs pertaining to the library being used. Sometimes, ORM layers are not properly implemented, and thus allow for the tester to conduct normal [SQL Injection](4.8.5_Testing_for_SQL_Injection.md), without worrying about the ORM layer. +After identifying the possible ORM being used, it becomes essential to understand how its parser is functioning, and study methods to abuse it, or even maybe if the application is using an old version, identify CVEs pertaining to the library being used. 
Sometimes, ORM layers are not properly implemented, and thus allow for the tester to conduct normal [SQL Injection](05-Testing_for_SQL_Injection.md), without worrying about the ORM layer. #### Weak ORM Implementation diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.8_Testing_for_Client-Side.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md similarity index 94% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.8_Testing_for_Client-Side.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md index d9329d7e79..e9a8c4cfb7 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.8_Testing_for_Client-Side.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md @@ -50,11 +50,11 @@ db.transaction(function(transaction){ To return information for all the users, instead of only the user corresponding to the attacker, the following could be used: `15 OR 1=1` in the URL fragment. -For additional SQL Injection payloads, go to the [Testing for SQL Injection](4.8.5_Testing_for_SQL_Injection_WSTG-INPVAL-005.md) scenario. +For additional SQL Injection payloads, go to the [Testing for SQL Injection](05-Testing_for_SQL_Injection.md) scenario. ## Remediation -Follow the same remediation from the [Testing for SQL Injection's Remediation Section](4.8.5_Testing_for_SQL_Injection_WSTG-INPVAL-005.md#remediation). +Follow the same remediation from the [Testing for SQL Injection's Remediation Section](05-Testing_for_SQL_Injection.md#remediation). ## References 
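Review bot: The ORM Injection file is renamed to `05.7_Testing_for_ORM_Injection.md`, with an underscore after the number, while every sibling uses a hyphen (`05.6-Testing_for_NoSQL_Injection.md`, `05.8-Testing_for_Client_Side.md`); rename it `05.7-Testing_for_ORM_Injection.md` so links following the convention resolve. In the same file's hunk, the rewritten "Identify the ORM Layer" paragraph keeps the typo `effeciently` (`efficiently`).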
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.6_Testing_for_LDAP_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.6_Testing_for_LDAP_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.8_Testing_for_XML_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.8_Testing_for_XML_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.9_Testing_for_SSI_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.9_Testing_for_SSI_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.10_Testing_for_XPath_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.10_Testing_for_XPath_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md index c28a49a2c8..684b01c211 100644 
--- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.10_Testing_for_XPath_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md @@ -61,4 +61,4 @@ If there is no knowledge about the XML data internal details and if the applicat ### Whitepapers - [Amit Klein: “Blind XPath Injection”](http://dl.packetstormsecurity.net/papers/bypass/Blind_XPath_Injection_20040518.pdf) -- [XPath specifications](https://www.w3.org/TR/xpath/all/) +- [XPath 1.0 specifications](http://www.w3.org/TR/xpath) diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.11_Testing_for_IMAP_SMTP_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.11_Testing_for_IMAP_SMTP_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md index 99a5033d5b..118b8a2296 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.11_Testing_for_IMAP_SMTP_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md 
@@ -13,7 +13,7 @@ The IMAP/SMTP Injection technique is more effective if the mail server is not di An IMAP/SMTP Injection makes it possible to access a mail server which otherwise would not be directly accessible from the Internet. In some cases, these internal systems do not have the same level of infrastructure security and hardening that is applied to the front-end web servers. Therefore, mail server results may be more vulnerable to attacks by end users (see the scheme presented in Figure 1). ![IMAP SMTP Injection](images/Imap-smtp-injection.png)\ -*Figure 4.8.11-1:Communication with the mail servers using the IMAP/SMTP Injection technique* +*Figure 4.7.10-1:Communication with the mail servers using the IMAP/SMTP Injection technique* Figure 1 depicts the flow of traffic generally seen when using webmail technologies. Step 1 and 2 is the user interacting with the webmail client, whereas step 2 is the tester bypassing the webmail client and interacting with the back-end mail servers directly. diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12_Testing_for_Code_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12_Testing_for_Code_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.1_Testing_for_Local_File_Inclusion.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.1_Testing_for_Local_File_Inclusion.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.2_Testing_for_Remote_File_Inclusion.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.2_Testing_for_Remote_File_Inclusion.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.13_Testing_for_Command_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.13_Testing_for_Command_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14_Testing_for_Buffer_Overflow.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md similarity index 75% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14_Testing_for_Buffer_Overflow.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md index 3d54721020..70e72a2793 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14_Testing_for_Buffer_Overflow.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md @@ -14,9 +14,9 @@ See the OWASP article on [Buffer Overflow](https://owasp.org/www-community/attac Different types of buffer overflow vulnerabilities have different testing methods. Here are the testing methods for the common types of buffer overflow vulnerabilities. -- [Testing for heap overflow vulnerability](4.8.14.1_Testing_for_Heap_Overflow.md) -- [Testing for stack overflow vulnerability](4.8.14.2_Testing_for_Stack_Overflow.md) -- [Testing for format string vulnerability](4.8.14.3_Testing_for_Format_String.md) +- [Testing for heap overflow vulnerability](13.1-Testing_for_Heap_Overflow.md) +- [Testing for stack overflow vulnerability](13.2-Testing_for_Stack_Overflow.md) +- [Testing for format string vulnerability](13.3-Testing_for_Format_String.md) ### Code Review 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.1_Testing_for_Heap_Overflow.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.1-Testing_for_Heap_Overflow.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.1_Testing_for_Heap_Overflow.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.1-Testing_for_Heap_Overflow.md index 0ed8d2d4fc..ad9b67e915 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.1_Testing_for_Heap_Overflow.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.1-Testing_for_Heap_Overflow.md 
@@ -17,7 +17,7 @@ There are numerous variants of the heap overflow (heap corruption) vulnerability The principles of black-box testing for heap overflows remain the same as stack overflows. The key is to supply as input strings that are longer than expected. Although the test process remains the same, the results that are visible in a debugger are significantly different. While in the case of a stack overflow, an instruction pointer or SEH overwrite would be apparent, this does not hold true for a heap overflow condition. When debugging a windows program, a heap overflow can appear in several different forms, the most common one being a pointer exchange taking place after the heap management routine comes into action. Shown below is a scenario that illustrates a heap overflow vulnerability. ![Heap Overflow Vulnerability](images/Heap_overflow_vulnerability.gif)\ -*Figure 4.8.14-1: Heap Overflow Vulnerability* +*Figure 4.7.13-1: Heap Overflow Vulnerability* The two registers shown, EAX and ECX, can be populated with user supplied addresses which are a part of the data that is used to overflow the heap buffer. One of the addresses can point to a function pointer which needs to be overwritten, for example UEF (Unhandled Exception filter), and the other can be the address of user supplied code that needs to be executed. diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.2_Testing_for_Stack_Overflow.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.2_Testing_for_Stack_Overflow.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow.md index 676e9aedc0..5df2ddc4ba 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.2_Testing_for_Stack_Overflow.md 
+++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow.md @@ -34,14 +34,14 @@ int main(int argc, char *argv[]) File sample.exe is launched in a debugger, in our case OllyDbg. ![Stack Overflow Vulnerability](images/Stack_overflow_vulnerability.gif)\ -*Figure 4.8.14.2-1: OllyDbg - Stack Overflow Vulnerability* +*Figure 4.7.13.2-1: OllyDbg - Stack Overflow Vulnerability* Since the application is expecting command line arguments, a large sequence of characters such as ‘A’, can be supplied in the argument field shown above. On opening the executable with the supplied arguments and continuing execution the following results are obtained. ![Stack Overflow Vulnerability](images/Stack_overflow_vulnerability_2.gif)\ -*Figure 4.8.14.2-2: OllyDbg Result - Stack Overflow Vulnerability* +*Figure 4.7.13.2-2: OllyDbg Result - Stack Overflow Vulnerability* As shown in the registers window of the debugger, the EIP or Extended Instruction Pointer, which points to the next instruction to be executed, contains the value `41414141`. `41` is a hexadecimal representation for the character `A` and therefore the string `AAAA` translates to 41414141. diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.3_Testing_for_Format_String.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.3-Testing_for_Format_String.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.3_Testing_for_Format_String.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.3-Testing_for_Format_String.md 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.15_Testing_for_Incubated_Vulnerability.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md similarity index 89% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.15_Testing_for_Incubated_Vulnerability.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md index cc6bcc2cfa..96b987d9bd 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.15_Testing_for_Incubated_Vulnerability.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md 
@@ -20,7 +20,7 @@ In a penetration test, `incubated attacks` can be used to assess the criticality This type of asynchronous attack covers a great spectrum of attack vectors, among them the following: - File upload components in a web application, allowing the attacker to upload corrupted media files (jpg images exploiting `CVE-2004-0200`, png images exploiting `CVE-2004-0597`, executable files, site pages with active component, etc.) -- Cross-site scripting issues in public forums posts (see [Testing for Stored Cross Site Scripting](4.8.2_Testing_for_Stored_Cross_Site_Scripting.md) for additional details). An attacker could potentially store malicious scripts or code in a repository in the backend of the web-application (e.g., a database) so that this script/code gets executed by one of the users (end users, administrators, etc). The archetypical incubated attack is exemplified by using a cross-site scripting vulnerability in a user forum, bulletin board, or blog in order to inject some JavaScript code at the vulnerable page, and will be eventually rendered and executed at the site user's browser --using the trust level of the original (vulnerable) site at the user's browser. +- Cross-site scripting issues in public forums posts (see [Testing for Stored Cross Site Scripting](02-Testing_for_Stored_Cross_Site_Scripting.md) for additional details). An attacker could potentially store malicious scripts or code in a repository in the backend of the web-application (e.g., a database) so that this script/code gets executed by one of the users (end users, administrators, etc). The archetypical incubated attack is exemplified by using a cross-site scripting vulnerability in a user forum, bulletin board, or blog in order to inject some JavaScript code at the vulnerable page, and will be eventually rendered and executed at the site user's browser --using the trust level of the original (vulnerable) site at the user's browser. 
- SQL/XPATH Injection allowing the attacker to upload content to a database, which will be later retrieved as part of the active content in a web page. For example, if the attacker can post arbitrary JavaScript in a bulletin board so that it gets executed by users, then he might take control of their browsers (e.g., [XSS-proxy](http://sourceforge.net/projects/xss-proxy)). - Misconfigured servers allowing installation of Java packages or similar web site components (i.e. Tomcat, or web hosting consoles such as Plesk, CPanel, Helm, etc.) @@ -50,7 +50,7 @@ Verify the content type allowed to upload to the web application and the resulta #### SQL Injection Example -Usually, this set of examples leverages XSS attacks by exploiting a SQL-injection vulnerability. The first thing to test is whether the target site has a SQL injection vulnerability. This is described in Section 4.2 [Testing for SQL Injection](4.8.6_Testing_for_LDAP_Injection.md). For each SQL-injection vulnerability, there is an underlying set of constraints describing the kind of queries that the attacker/pen-tester is allowed to do. +Usually, this set of examples leverages XSS attacks by exploiting a SQL-injection vulnerability. The first thing to test is whether the target site has a SQL injection vulnerability. This is described in [Testing for SQL Injection](05-Testing_for_SQL_Injection.md). For each SQL-injection vulnerability, there is an underlying set of constraints describing the kind of queries that the attacker/pen-tester is allowed to do. The tester then has to match the XSS attacks he has devised with the entries that he is allowed to insert. 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.16_Testing_for_HTTP_Splitting_Smuggling.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.16_Testing_for_HTTP_Splitting_Smuggling.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.17_Testing_for_HTTP_Incoming_Requests.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.17_Testing_for_HTTP_Incoming_Requests.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.18_Testing_for_Host_Header_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.18_Testing_for_Host_Header_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.19_Testing_for_Server_Side_Template_Injection.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.19_Testing_for_Server_Side_Template_Injection.md rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md index b942cd0a37..2575dd260e 100644 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.19_Testing_for_Server_Side_Template_Injection.md +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md @@ -28,7 +28,7 @@ public function getFilter($name) In the getFilter function the `call_user_func($callback, $name)` is vulnerable to SSTI: the `name` parameter is fetched from the HTTP GET request and executed by the server: ![SSTI XVWA Example](images/SSTI_XVWA.jpeg)\ -*Figure 4.8.19-1: SSTI XVWA Example* +*Figure 4.7.18-1: SSTI XVWA Example* ## Example - Flask/Jinja2 diff --git a/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md new file mode 100644 index 0000000000..9fe738af1c --- /dev/null +++ b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md 
@@ -0,0 +1,63 @@ +# 4.7 Input Validation Testing + +## [4.7.1 Reflected Cross Site Scripting](01-Testing_for_Reflected_Cross_Site_Scripting.md) + +## [4.7.2 Stored Cross Site Scripting](02-Testing_for_Stored_Cross_Site_Scripting.md) + +## [4.7.3 HTTP Verb Tampering](03-Testing_for_HTTP_Verb_Tampering.md) + +## [4.7.4 HTTP Parameter Pollution](04-Testing_for_HTTP_Parameter_Pollution.md) + +## [4.7.5 SQL Injection](05-Testing_for_SQL_Injection.md) + +### [4.7.5.1 Oracle Testing](05.1-Testing_for_Oracle.md) + +### [4.7.5.2 MySQL Testing](05.2-Testing_for_MySQL.md) + +### [4.7.5.3 SQL Server Testing](05.3-Testing_for_SQL_Server.md) + +### [4.7.5.4 Testing PostgreSQL](05.4-Testing_PostgreSQL.md) + +### [4.7.5.5 MS Access Testing](05.5-Testing_for_MS_Access.md) + +### [4.7.5.6 NoSQL Injection](05.6-Testing_for_NoSQL_Injection.md) + +### [4.7.5.7 ORM Injection](05.7-Testing_for_ORM_Injection.md) + +### [4.7.5.8 Client Side SQLi](05.8-Testing_for_Client_Side.md) + +## [4.7.6 LDAP Injection](06-Testing_for_LDAP_Injection.md) + +## [4.7.7 XML Injection](07-Testing_for_XML_Injection.md) + +## [4.7.8 SSI Injection](08-Testing_for_SSI_Injection.md) + +## [4.7.9 XPath Injection](09-Testing_for_XPath_Injection.md) + +## [4.7.10 IMAP/SMTP Injection](10-Testing_for_IMAP_SMTP_Injection.md) + +## [4.7.11 Code Injection)](11-Testing_for_Code_Injection.md) + +### [4.7.11.1 Local File Inclusion](11.1-Testing_for_Local_File_Inclusion.md) + +### [4.7.11.2 Remote File Inclusion](11.2-Testing_for_Remote_File_Inclusion.md) + +## [4.7.12 Command Injection](12-Testing_for_Command_Injection.md) + +## [4.7.13 Buffer Overflow](13-Testing_for_Buffer_Overflow.md) + +### [4.7.13.1 Heap Overflow](13.1-Testing_for_Heap_Overflow.md) + +### [4.7.13.2 Stack Overflow](13.2-Testing_for_Stack_Overflow.md) + +### [4.7.13.3 Format String](13.3-Testing_for_Format_String.md) + +## [4.7.14 Incubated Vulnerability](14-Testing_for_Incubated_Vulnerability.md) + +## [4.7.15 HTTP 
Splitting/Smuggling](15-Testing_for_HTTP_Splitting_Smuggling.md) + +## [4.7.16 HTTP Incoming Requests](16-Testing_for_HTTP_Incoming_Requests.md) + +## [4.7.17 Host Header Injection](17-Testing_for_Host_Header_Injection.md) + +## [4.7.18 Server Side Template Injection](18-Testing_for_Server_Side_Template_Injection.md) diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Alert.png b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Alert.png rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Heap_overflow_vulnerability.gif b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Heap_overflow_vulnerability.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Heap_overflow_vulnerability.gif rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Heap_overflow_vulnerability.gif diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Imap-smtp-injection.png b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Imap-smtp-injection.png rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/OPTIONS_verb_tampering.png b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/OPTIONS_verb_tampering.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/OPTIONS_verb_tampering.png rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/OPTIONS_verb_tampering.png diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/RubyBeef.png b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/RubyBeef.png rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/SSTI_XVWA.jpeg b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/SSTI_XVWA.jpeg rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stack_overflow_vulnerability.gif b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stack_overflow_vulnerability.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stack_overflow_vulnerability.gif rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stack_overflow_vulnerability.gif 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stack_overflow_vulnerability_2.gif b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stack_overflow_vulnerability_2.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stack_overflow_vulnerability_2.gif rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stack_overflow_vulnerability_2.gif diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stored_input_example.jpg b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stored_input_example.jpg rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stored_xss_example.jpg b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/Stored_xss_example.jpg rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/XSS_Example1.png b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/XSS_Example1.png rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png 
diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/XSS_Example2.png b/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/images/XSS_Example2.png rename to document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png diff --git a/document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.1_Testing_for_Error_Code.md b/document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md similarity index 97% rename from document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.1_Testing_for_Error_Code.md rename to document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md index 8f5247cae7..7cd3945485 100644 --- a/document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.1_Testing_for_Error_Code.md +++ b/document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md 
@@ -10,7 +10,7 @@ Often, during a penetration test on web applications, we come up against many er This section analyses the more common codes (error messages) and bring into focus their relevance during a vulnerability assessment. The most important aspect for this activity is to focus one's attention on these errors, seeing them as a collection of information that will aid in the next steps of our analysis. A good collection can facilitate assessment efficiency by decreasing the overall time taken to perform the penetration test. -Attackers sometimes use search engines to locate errors that disclose information. Searches can be performed to find any erroneous sites as random victims, or it is possible to search for errors in a specific site using the search engine filtering tools as described in [4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage](../4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md) +Attackers sometimes use search engines to locate errors that disclose information. Searches can be performed to find any erroneous sites as random victims, or it is possible to search for errors in a specific site using the search engine filtering tools as described in [4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage](../01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md) ### Web Server Errors 
@@ -26,7 +26,7 @@ This error message can be generated by requesting a non-existent URL. After the Other HTTP response codes such as 400 Bad Request, 405 Method Not Allowed, 501 Method Not Implemented, 408 Request Time-out and 505 HTTP Version Not Supported can be forced by an attacker. When receiving specially crafted requests, web servers may provide one of these error codes depending on their HTTP implementation. -Testing for disclosed information in the Web Server error codes is related testing for information disclosed in the HTTP headers as described in the section [Fingerprint Web Server](../4.2_Information_Gathering/4.2.2_Fingerprint_Web_Server.md). +Testing for disclosed information in the Web Server error codes is related testing for information disclosed in the HTTP headers as described in the section [Fingerprint Web Server](../01-Information_Gathering/02-Fingerprint_Web_Server.md). ### Application Server Errors 
@@ -36,7 +36,7 @@ Application errors are returned by the application itself, rather than the web s Database errors are those returned by the Database System when there is a problem with the query or the connection. Each Database system, such as MySQL, Oracle or MSSQL, has their own set of errors. Those errors can provide sensible information such as Database server IPs, tables, columns and login details. -In addition, there are many SQL Injection exploitation techniques that utilize detailed error messages from the database driver, for in depth information on this issue see [Testing for SQL Injection](../4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection.md) for more information. +In addition, there are many SQL Injection exploitation techniques that utilize detailed error messages from the database driver, for in depth information on this issue see [Testing for SQL Injection](../07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md) for more information. Web server errors aren't the only useful output returned requiring security analysis. Consider the next example error message: diff --git a/document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.2_Testing_for_Stack_Traces.md b/document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.2_Testing_for_Stack_Traces.md rename to document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md diff --git a/document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md b/document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md new file mode 100644 index 0000000000..ff224d8f9c --- /dev/null +++ b/document/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md 
@@ -0,0 +1,5 @@ +# 4.8 Testing for Error Handling + +[4.8.1 Analysis of Error Codes](01-Testing_for_Error_Code.md) + +[4.8.2 Analysis of Stack Traces](02-Testing_for_Stack_Traces.md) diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md similarity index 96% rename from document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md rename to document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md index 4ad8de194a..23ceb6cf6e 100644 --- a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md +++ b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md 
@@ -14,7 +14,7 @@ Even if high grade ciphers are today supported and normally used, some misconfig ### Common Issues -A vulnerability occurs if the HTTP protocol is used to [transmit sensitive information](4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) (e.g. [credentials transmitted over HTTP](../4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md)). +A vulnerability occurs if the HTTP protocol is used to [transmit sensitive information](03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) (e.g. [credentials transmitted over HTTP](../04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md)). When the SSL/TLS service is present it is good but it increments the attack surface and the following vulnerabilities exist: 
@@ -23,9 +23,9 @@ When the SSL/TLS service is present it is good but it increments the attack surf Other vulnerabilities linked to this are: -- Software exposed must be updated due to possibility of [known vulnerabilities](../4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md). -- Usage of [Secure flag for Session Cookies](../4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md). -- Usage of [HTTP Strict Transport Security (HSTS)](../4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md). +- Software exposed must be updated due to possibility of [known vulnerabilities](../02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md). +- Usage of [Secure flag for Session Cookies](../06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md). +- Usage of [HTTP Strict Transport Security (HSTS)](../02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md). - The presence of both [HTTP](https://resources.enablesecurity.com/resources/Surf%20Jacking.pdf) and [HTTPS](https://moxie.org/software/sslstrip/), which can be used to intercept traffic. - The presence of mixed HTTPS and HTTP content in the same page, which can be used to Leak information. 
@@ -72,15 +72,15 @@ Let's examine each check more in detail. ### Other Vulnerabilities -The presence of a new service, listening in a separate tcp port may introduce vulnerabilities such as infrastructure vulnerabilities if the [software is not up to date](../4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md). Furthermore, for the correct protection of data during transmission the Session Cookie must use the [Secure flag](../4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md) and some directives should be sent to the browser to accept only secure traffic (e.g. [HSTS](../4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md), CSP). +The presence of a new service, listening in a separate tcp port may introduce vulnerabilities such as infrastructure vulnerabilities if the [software is not up to date](../02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md). Furthermore, for the correct protection of data during transmission the Session Cookie must use the [Secure flag](../06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md) and some directives should be sent to the browser to accept only secure traffic (e.g. [HSTS](../02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md), CSP). -Also there are some attacks that can be used to intercept traffic if the web server exposes the application on both [HTTP](../4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md) and [HTTPS](https://resources.enablesecurity.com/resources/Surf%20Jacking.pdf) or in case of mixed HTTP and HTTPS resources in the same page. 
+Also there are some attacks that can be used to intercept traffic if the web server exposes the application on both [HTTP](../02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md) and [HTTPS](https://resources.enablesecurity.com/resources/Surf%20Jacking.pdf) or in case of mixed HTTP and HTTPS resources in the same page. ## How to Test ### Testing for Sensitive Data Transmitted in Clear-Text -Various types of information which must be protected can be also transmitted in clear text. It is possible to check if this information is transmitted over HTTP instead of HTTPS. Please refer to specific tests for full details, for [credentials](../4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md) and other kind of [data](4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md). +Various types of information which must be protected can be also transmitted in clear text. It is possible to check if this information is transmitted over HTTP instead of HTTPS. Please refer to specific tests for full details, for [credentials](../04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md) and other kind of [data](03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md). #### Example 1. Basic Authentication Over HTTP 
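Review bot: the link targets in the `@@ -72,15 +72,15 @@` hunk of the Weak SSL/TLS Ciphers page are inconsistent with the Common Issues list in the same file. Here "[HTTP]" points at the HSTS test page (`07-Test_HTTP_Strict_Transport_Security.md`) and "[HTTPS]" at the Surf Jacking PDF, while the `@@ -23,9 +23,9 @@` hunk links "[HTTP]" to the Surf Jacking PDF and "[HTTPS]" to sslstrip. Both lines are being rewritten in this patch, so pick one mapping (the Common Issues one matches the two references to the attack papers) and use it in both places; a reader following "HTTP" to an HSTS test page will be confused.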
@@ -1167,12 +1167,12 @@ Rather than providing a fictitious example, this guide includes an anonymized re We are visiting a .it site and the certificate was issued to a .com site. Internet Explorer warns that the name on the certificate does not match the name of the site. ![IE SSL Certificate Validity Warning](images/SSL_Certificate_Validity_Testing_IE_Warning.gif) \ -*Figure 4.10.1-1: Warning issued by Microsoft Internet Explorer* +*Figure 4.9.1-1: Warning issued by Microsoft Internet Explorer* The message issued by Firefox is different. Firefox complains because it cannot ascertain the identity of the .com site the certificate refers to because it does not know the CA which signed the certificate. In fact, Internet Explorer and Firefox do not come pre-loaded with the same list of CAs. Therefore, the behavior experienced with various browsers may differ. ![FF SSL Certificate Validity Warning](images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif) \ -*Figure 4.10.1-2: Warning issued by Mozilla Firefox* +*Figure 4.9.1-2: Warning issued by Mozilla Firefox* ### Testing for Other Vulnerabilities diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.2_Testing_for_Padding_Oracle.md b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.2_Testing_for_Padding_Oracle.md rename to document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle.md 
diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md similarity index 93% rename from document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md rename to document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md index 43c020ddeb..1a717e2da3 100644 --- a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md +++ b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md 
@@ -6,7 +6,7 @@ ## Summary -Sensitive data must be protected when it is transmitted through the network. If data is transmitted over HTTPS or encrypted in another way the protection mechanism must not have limitations or vulnerabilities, as explained in the broader article "[Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (WSTG-CRYPST-001)](4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md)" and in other OWASP documentation: +Sensitive data must be protected when it is transmitted through the network. If data is transmitted over HTTPS or encrypted in another way the protection mechanism must not have limitations or vulnerabilities, as explained in the broader article "[Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (WSTG-CRYPST-001)](01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md)" and in other OWASP documentation: - [OWASP Top 10 2017 A3-Sensitive Data Exposure](https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure). - [OWASP ASVS - Verification V10](https://code.google.com/p/owasp-asvs/wiki/Verification_V10). 
@@ -65,7 +65,7 @@ Another typical example is authentication forms which transmit user authenticati ### Example 3: Cookie Containing Session ID Sent over HTTP -The Session ID Cookie must be transmitted over protected channels. If the cookie does not have the [secure flag](../4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md) set, it is permitted for the application to transmit it unencrypted. Note below the setting of the cookie is done without the Secure flag, and the entire log in process is performed in HTTP and not HTTPS. +The Session ID Cookie must be transmitted over protected channels. If the cookie does not have the [secure flag](../06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md) set, it is permitted for the application to transmit it unencrypted. Note below the setting of the cookie is done without the Secure flag, and the entire log in process is performed in HTTP and not HTTPS. ```bash https://secure.example.com/login diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.4_Testing_for_Weak_Encryption.md b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.4_Testing_for_Weak_Encryption.md rename to document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption.md diff --git a/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md new file mode 100644 index 0000000000..aca561acc6 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md 
@@ -0,0 +1,9 @@ +# 4.9 Testing for Weak Cryptography + +[4.9.1 Testing for Weak SSL/TLS Ciphers Insufficient Transport Layer Protection](01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md) + +[4.9.2 Testing for Padding Oracle](02-Testing_for_Padding_Oracle.md) + +[4.9.3 Testing for Sensitive Information Sent via Unencrypted Channels](03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) + +[4.9.4 Testing for Weak Encryption](04-Testing_for_Weak_Encryption.md) diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif rename to document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_IE_Warning.gif b/document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_IE_Warning.gif similarity index 100% rename from document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_IE_Warning.gif rename to document/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/images/SSL_Certificate_Validity_Testing_IE_Warning.gif 
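Review bot: the first entry in the new `09-Testing_for_Weak_Cryptography/README.md` drops the comma from the article title. The Summary of the Unencrypted Channels page (hunk `@@ -6,7 +6,7 @@` above) quotes it as "Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection", so the README line should read `[4.9.1 Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection](01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md)` to match.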
diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.0_Introduction_to_Business_Logic.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/0-Introduction_to_Business_Logic.md similarity index 99% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.0_Introduction_to_Business_Logic.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/0-Introduction_to_Business_Logic.md index a092c390b1..f967ee7921 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.0_Introduction_to_Business_Logic.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/0-Introduction_to_Business_Logic.md @@ -1,4 +1,4 @@ -# 4.11.0 Introduction to Business Logic Testing +# Introduction to Business Logic Testing Testing for business logic flaws in a multi-functional dynamic web application requires thinking in unconventional methods. If an application's authentication mechanism is developed with the intention of performing steps 1, 2, 3 in that specific order to authenticate a user. What happens if the user goes from step 1 straight to step 3? In this simplistic example, does the application provide access by failing open; deny access, or just error out with a 500 message? diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.1_Test_Business_Logic_Data_Validation.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md similarity index 92% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.1_Test_Business_Logic_Data_Validation.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md index 8988b349ae..820c1d57dc 100644 
--- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.1_Test_Business_Logic_Data_Validation.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md @@ -42,13 +42,13 @@ Specific Testing Method: ## Related Test Cases -All [Input Validation](../4.8_Input_Validation_Testing/README.md) test cases. +All [Input Validation](../07-Input_Validation_Testing/README.md) test cases. -[Testing for Account Enumeration and Guessable User Account](../4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md). +[Testing for Account Enumeration and Guessable User Account](../03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md). -[Testing for Bypassing Session Management Schema](../4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md). +[Testing for Bypassing Session Management Schema](../06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md). -[Testing for Exposed Session Variables](../4.7_Session_Management_Testing/4.7.4_Testing_for_Exposed_Session_Variables.md). +[Testing for Exposed Session Variables](../06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.md). ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.2_Test_Ability_to_Forge_Requests.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests.md similarity index 94% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.2_Test_Ability_to_Forge_Requests.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests.md index e73cda7804..7d71b96549 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.2_Test_Ability_to_Forge_Requests.md 
+++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests.md @@ -48,11 +48,11 @@ Also, if an attacker was able to see through a proxy that the application has a ## Related Test Cases -[Testing for Exposed Session Variables](../4.7_Session_Management_Testing/4.7.4_Testing_for_Exposed_Session_Variables.md) +[Testing for Exposed Session Variables](../06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.md) -[Testing for Cross Site Request Forgery (CSRF)](../4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md) +[Testing for Cross Site Request Forgery (CSRF)](../06-Session_Management_Testing/05-Testing_for_CSRF.md) -[Testing for Account Enumeration and Guessable User Account](../4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md) +[Testing for Account Enumeration and Guessable User Account](../03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md) ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.3_Test_Integrity_Checks.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.3_Test_Integrity_Checks.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md index 9e149e6652..551bab008e 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.3_Test_Integrity_Checks.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md 
@@ -62,7 +62,7 @@ Many systems include logging for auditing and troubleshooting purposes. But, how ## Related Test Cases -All [Input Validation](../4.8_Input_Validation_Testing/README.md) test cases. +All [Input Validation](../07-Input_Validation_Testing/README.md) test cases. ## Tools diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.4_Test_for_Process_Timing.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md similarity index 94% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.4_Test_for_Process_Timing.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md index 6a87974fdd..3d06169355 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.4_Test_for_Process_Timing.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md @@ -38,9 +38,9 @@ Suppose a precious metals e-commerce site allows users to make purchases with a ## Related Test Cases -[Testing for Cookies Attributes](../4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md) +[Testing for Cookies Attributes](../06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md) -[Test Session Timeout](../4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md) +[Test Session Timeout](../06-Session_Management_Testing/07-Testing_Session_Timeout.md) ## Remediation 
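Review bot: in the `@@ -38,9 +38,9 @@` hunk of the Process Timing page the Session Timeout link changes stem, from `4.7.7_Test_Session_Timeout.md` to `07-Testing_Session_Timeout.md`, whereas every other rename in this series keeps the stem and only swaps the numeric prefix. Confirm the file actually exists under the `Testing_` name in `06-Session_Management_Testing/` (no such rename appears in this patch), and if it does, update the link text "Test Session Timeout" to "Testing Session Timeout" so text and target agree.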
diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md similarity index 93% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md index 90ebfe89f1..9ee007e9c3 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md @@ -24,9 +24,9 @@ Suppose an eCommerce site allows users to take advantage of any one of many disc ## Related Test Cases -[Testing for Account Enumeration and Guessable User Account](../4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md) +[Testing for Account Enumeration and Guessable User Account](../03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md) -[Testing for Weak lock out mechanism](../4.5_Authentication_Testing/4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md) +[Testing for Weak lock out mechanism](../04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md) ## References 
diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.6_Testing_for_the_Circumvention_of_Work_Flows.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows.md similarity index 82% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.6_Testing_for_the_Circumvention_of_Work_Flows.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows.md index f411fb73b7..77df3cc910 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.6_Testing_for_the_Circumvention_of_Work_Flows.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows.md 
@@ -47,27 +47,27 @@ An electronic bulletin board system may be designed to ensure that initial posts ## Related Test Cases -[Testing Directory Traversal/File Include](../4.6_Authorization_Testing/4.6.1_Testing_Directory_Traversal_File_Include.md) +[Testing Directory Traversal/File Include](../05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include.md) -[Testing for Bypassing Authorization Schema](../4.6_Authorization_Testing/4.6.2_Testing_for_Bypassing_Authorization_Schema.md) +[Testing for Bypassing Authorization Schema](../05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md) -[Testing for Bypassing Session Management Schema](../4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md) +[Testing for Bypassing Session Management Schema](../06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md) -[Test Business Logic Data Validation](4.11.1_Test_Business_Logic_Data_Validation.md) +[Test Business Logic Data Validation](01-Test_Business_Logic_Data_Validation.md) -[Test Ability to Forge Requests](4.11.2_Test_Ability_to_Forge_Requests.md) +[Test Ability to Forge Requests](02-Test_Ability_to_Forge_Requests.md) -[Test Integrity Checks](4.11.3_Test_Integrity_Checks.md) +[Test Integrity Checks](03-Test_Integrity_Checks.md) -[Test for Process Timing](4.11.4_Test_for_Process_Timing.md) +[Test for Process Timing](04-Test_for_Process_Timing.md) -[Test Number of Times a Function Can be Used Limits](4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md) +[Test Number of Times a Function Can be Used Limits](05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md) -[Test Defenses Against Application Mis-use](4.11.7_Test_Defenses_Against_Application_Misuse.md) +[Test Defenses Against Application Mis-use](07-Test_Defenses_Against_Application_Misuse.md) -[Test Upload of Unexpected File Types](4.11.8_Test_Upload_of_Unexpected_File_Types.md) +[Test Upload of Unexpected File 
Types](08-Test_Upload_of_Unexpected_File_Types.md) -[Test Upload of Malicious Files](4.11.9_Test_Upload_of_Malicious_Files.md) +[Test Upload of Malicious Files](09-Test_Upload_of_Malicious_Files.md) ## References diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.7_Test_Defenses_Against_Application_Misuse.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/07-Test_Defenses_Against_Application_Misuse.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.7_Test_Defenses_Against_Application_Misuse.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/07-Test_Defenses_Against_Application_Misuse.md diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.8_Test_Upload_of_Unexpected_File_Types.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types.md similarity index 94% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.8_Test_Upload_of_Unexpected_File_Types.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types.md index 341a0f7f45..aa511c4bc9 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.8_Test_Upload_of_Unexpected_File_Types.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types.md 
@@ -50,9 +50,9 @@ Specific Testing Method ## Related Test Cases -[Test File Extensions Handling for Sensitive Information](../4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md) +[Test File Extensions Handling for Sensitive Information](../02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md) -[Test Upload of Malicious Files](4.11.9_Test_Upload_of_Malicious_Files.md) +[Test Upload of Malicious Files](09-Test_Upload_of_Malicious_Files.md) ## References diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.9_Test_Upload_of_Malicious_Files.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files.md similarity index 96% rename from document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.9_Test_Upload_of_Malicious_Files.md rename to document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files.md index 34c25c2e70..c743792959 100644 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.9_Test_Upload_of_Malicious_Files.md +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files.md 
@@ -122,9 +122,9 @@ Upload the [ZIP bomb](https://github.com/AbhiAgarwal/notes/wiki/Zip-bomb) file t ## Related Test Cases -[Test File Extensions Handling for Sensitive Information](../4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md) +[Test File Extensions Handling for Sensitive Information](../02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md) -[Test Upload of Unexpected File Types](../4.11_Business_Logic_Testing/4.11.8_Test_Upload_of_Unexpected_File_Types.md) +[Test Upload of Unexpected File Types](08-Test_Upload_of_Unexpected_File_Types.md) ## Tools diff --git a/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md new file mode 100644 index 0000000000..e6e2b88ae7 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md @@ -0,0 +1,21 @@ +# 4.10 Testing Business Logic + +[4.10.0 Introduction to Business Logic Testing](0-Introduction_to_Business_Logic.md) + +[4.10.1 Test Business Logic Data Validation](01-Test_Business_Logic_Data_Validation.md) + +[4.10.2 Test Ability to Forge Requests](02-Test_Ability_to_Forge_Requests.md) + +[4.10.3 Test Integrity Checks](03-Test_Integrity_Checks.md) + +[4.10.4 Test for Process Timing](04-Test_for_Process_Timing.md) + +[4.10.5 Test Number of Times a Function Can be Used Limits](05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md) + +[4.10.6 Testing for the Circumvention of Work Flows](06-Testing_for_the_Circumvention_of_Work_Flows.md) + +[4.10.7 Test Defenses Against Application Mis-use](07-Test_Defenses_Against_Application_Misuse.md) + +[4.10.8 Test Upload of Unexpected File Types](08-Test_Upload_of_Unexpected_File_Types.md) + +[4.10.9 Test Upload of Malicious Files](09-Test_Upload_of_Malicious_Files.md) 
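Review bot: the new `10-Business_Logic_Testing/README.md` exposes two naming inconsistencies worth settling before merge. First, the introduction file is linked as `0-Introduction_to_Business_Logic.md` while every sibling uses a zero-padded prefix (`01-` through `09-`); either pad it to `00-` or document why the intro is the exception. Second, the heading `# 4.10 Testing Business Logic` does not follow the "Testing for ..." form used by the other chapter READMEs in this patch (`# 4.8 Testing for Error Handling`, `# 4.9 Testing for Weak Cryptography`) nor the directory name `Business_Logic_Testing`; `# 4.10 Business Logic Testing` would match the folder. The entries "Test Defenses Against Application Mis-use" and "Test Number of Times a Function Can be Used Limits" also differ from their filenames (`Misuse`, `Can_Be_Used`); aligning the link text now avoids a second pass.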
diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.1_Testing_for_DOM-based_Cross_Site_Scripting.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.1_Testing_for_DOM-based_Cross_Site_Scripting.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.2_Testing_for_JavaScript_Execution.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/02-Testing_for_JavaScript_Execution.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.2_Testing_for_JavaScript_Execution.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/02-Testing_for_JavaScript_Execution.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.3_Testing_for_HTML_Injection.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/03-Testing_for_HTML_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.3_Testing_for_HTML_Injection.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/03-Testing_for_HTML_Injection.md 
diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.4_Testing_for_Client_Side_URL_Redirect.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.4_Testing_for_Client_Side_URL_Redirect.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.5_Testing_for_CSS_Injection.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/05-Testing_for_CSS_Injection.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.5_Testing_for_CSS_Injection.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/05-Testing_for_CSS_Injection.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.6_Testing_for_Client_Side_Resource_Manipulation.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/06-Testing_for_Client_Side_Resource_Manipulation.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.6_Testing_for_Client_Side_Resource_Manipulation.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/06-Testing_for_Client_Side_Resource_Manipulation.md 
diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.7_Testing_Cross_Origin_Resource_Sharing.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/07-Testing_Cross_Origin_Resource_Sharing.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.7_Testing_Cross_Origin_Resource_Sharing.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/07-Testing_Cross_Origin_Resource_Sharing.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.8_Testing_for_Cross_Site_Flashing.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/08-Testing_for_Cross_Site_Flashing.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.8_Testing_for_Cross_Site_Flashing.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/08-Testing_for_Cross_Site_Flashing.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md similarity index 98% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md index 60e25410c4..35f64e2e51 100644 --- a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking.md +++ b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md 
@@ -13,12 +13,12 @@ A clickjacking attack uses seemingly-harmless features of HTML and JavaScript to To carry out this attack, an attacker creates a seemingly-harmless web page that loads the target application through the use of an inline frame (concealed with CSS code). Once this is done, an attacker may induce the victim to interact with the web page by other means (through, for example, social engineering). Like other attacks, a common prerequisite is that the victim is authenticated against the attacker’s target website. ![Clickjacking illustration](images/Clickjacking_description.png)\ -*Figure 4.12.9-1: Clickjacking inline frame illustration* +*Figure 4.11.9-1: Clickjacking inline frame illustration* The victim surfs the attacker's web page with the intention of interacting with the visible user interface, but is inadvertently performing actions on the hidden page. Using the hidden page, an attacker can deceive users into performing actions they never intended to perform through the positioning of the hidden elements in the web page. ![Masked inline frame illustration](images/Masked_iframe.png)\ -*Figure 4.12.9-2: Masked inline frame illustration* +*Figure 4.11.9-2: Masked inline frame illustration* The power of this method is that the actions performed by the victim are originated from the hidden but authentic target web page. Consequently, some of the anti-CSRF protections deployed by the developers to protect the web page from CSRF attacks could be bypassed. 
@@ -264,7 +264,7 @@ Once we have discovered that the site we are testing is vulnerable to clickjacki Suppose that to execute the transfer the developers have planned three steps. In the first step the user fill a form with the destination account and the amount. In the second step, whenever the user submits the form, is presented a summary page asking the user confirmation (like the one presented in the following picture). ![Clickjacking Example Step 2](images/Clickjacking_example_step2.png)\ -*Figure 4.12.9-3: Clickjacking Example Step 2* +*Figure 4.11.9-3: Clickjacking Example Step 2* Following a snippet of the code for the step 2: @@ -326,12 +326,12 @@ The target page for the attack is the second step of the money transfer procedur The attacker's page may look like a simple and harmless web page like the one presented below: ![Clickjacking Example Malicious Page 1](images/Clickjacking_example_malicious_page_1.png)\ -*Figure 4.12.9-4: Clickjacking Example Malicious Page 1* +*Figure 4.11.9-4: Clickjacking Example Malicious Page 1* But playing with the CSS opacity value we can see what is hidden under the seemingly innocuous web page. ![Clickjacking Example Malicious Page 2](images/Clickjacking_example_malicious_page_2.png)\ -*Figure 4.12.9-5: Clickjacking Example Malicious Page 2* +*Figure 4.11.9-5: Clickjacking Example Malicious Page 2* The clickjacking code to create this page is presented below: 
@@ -390,7 +390,7 @@ The clickjacking code to create this page is presented below: With the help of CSS (note the `#clickjacking` block) we can mask and suitably position the iframe in such a way as to match the buttons. If the victim click on the button “Click and go!” the form is submitted and the transfer is completed. ![Clickjacking Example Malicious Page 3](images/Clickjacking_example_malicious_page_3.png)\ -*Figure 4.12.9-6: Clickjacking Example Malicious Page 3* +*Figure 4.11.9-6: Clickjacking Example Malicious Page 3* The example presented uses only basic clickjacking technique, but with advanced technique is possible to force user filling form with values defined by the attacker. diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.10_Testing_WebSockets.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md similarity index 93% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.10_Testing_WebSockets.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md index 5af341af05..3fe16f8a09 100644 --- a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.10_Testing_WebSockets.md +++ b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md 
@@ -36,16 +36,16 @@ As with any data originating from untrusted sources, the data should be properly 3. Confidentiality and Integrity. - Check that the WebSocket connection is using SSL to transport sensitive information `wss://`. - - Check the SSL Implementation for security issues (Valid Certificate, BEAST, CRIME, RC4, etc). Refer to the [Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (WSTG-CRYPST-001)](../4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md) section of this guide. + - Check the SSL Implementation for security issues (Valid Certificate, BEAST, CRIME, RC4, etc). Refer to the [Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (WSTG-CRYPST-001)](../09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md) section of this guide. 4. Authentication. - - WebSockets do not handle authentication, normal black-box authentication tests should be carried out. Refer to the [Authentication Testing](../4.5_Authentication_Testing/README.md) sections of this guide. + - WebSockets do not handle authentication, normal black-box authentication tests should be carried out. Refer to the [Authentication Testing](../04-Authentication_Testing/README.md) sections of this guide. 5. Authorization. - - WebSockets do not handle authorization, normal black-box authorization tests should be carried out. Refer to the [Authorization Testing](../4.6_Authorization_Testing/README.md) sections of this guide. + - WebSockets do not handle authorization, normal black-box authorization tests should be carried out. Refer to the [Authorization Testing](../05-Authorization_Testing/README.md) sections of this guide. 6. Input Sanitization. - - Use [ZAP's](https://www.zaproxy.org) WebSocket tab to replay and fuzz WebSocket request and responses. 
Refer to the [Testing for Data Validation](../4.8_Input_Validation_Testing/README.md) sections of this guide. + - Use [ZAP's](https://www.zaproxy.org) WebSocket tab to replay and fuzz WebSocket request and responses. Refer to the [Testing for Data Validation](../07-Input_Validation_Testing/README.md) sections of this guide. #### Example 1 diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.11_Testing_Web_Messaging.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/11-Testing_Web_Messaging.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.11_Testing_Web_Messaging.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/11-Testing_Web_Messaging.md diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Web_Storage.md similarity index 93% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Web_Storage.md index 2ec2c3a9fe..64ccbc7625 100644 --- a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage.md +++ b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Web_Storage.md 
@@ -16,7 +16,7 @@ Browsers provide the following client-side storage mechanisms for developers to These storage mechanisms can be viewed and edited using the browser's developer tools, such as [Google Chrome DevTools](https://developers.google.com/web/tools/chrome-devtools/storage/localstorage) or [Firefox's Storage Inspector](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector). -Note: While cache is also a form of storage it is covered in a [separate section](../4.5_Authentication_Testing/4.5.6_Testing_for_Browser_Cache_Weaknesses.md) covering its own peculiarities and concerns. +Note: While cache is also a form of storage it is covered in a [separate section](../04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md) covering its own peculiarities and concerns. ## Test Objectives @@ -112,7 +112,7 @@ Web SQL is deprecated since November 18, 2010 and it's recommended that web deve Cookies are a key value storage mechanism that is primarily used for session management but web developers can still use it to store arbitrary string data. -Cookies are covered extensively in [4.7.2 Testing for Cookies attributes (WSTG-SESS-002)](https://github.com/OWASP/wstg/blob/master/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md) +Cookies are covered extensively in the [testing for Cookies attributes](../06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md) scenario. #### List All Cookies 
@@ -162,7 +162,7 @@ _(Modified version of this [snippet](https://stackoverflow.com/a/17246535/309913 ### Attack Chain -Following the identification any of the above attack vectors, an attack chain can be formed with different types of client side attacks, such as [DOM based XSS](4.12.1_Testing_for_DOM-based_Cross_Site_Scripting.md) attacks. +Following the identification any of the above attack vectors, an attack chain can be formed with different types of client side attacks, such as [DOM based XSS](01-Testing_for_DOM-based_Cross_Site_Scripting.md) attacks. ### Remediation diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/13-Testing_for_Cross_Site_Script_Inclusion.md similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion.md rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/13-Testing_for_Cross_Site_Script_Inclusion.md diff --git a/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md new file mode 100644 index 0000000000..4e02a804a4 --- /dev/null +++ b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md 
@@ -0,0 +1,27 @@ +# 4.11 Client-Side Testing + +[4.11.1 Testing for DOM based Cross Site Scripting](01-Testing_for_DOM-based_Cross_Site_Scripting.md) + +[4.11.2 Testing for JavaScript Execution](02-Testing_for_JavaScript_Execution.md) + +[4.11.3 Testing for HTML Injection](03-Testing_for_HTML_Injection.md) + +[4.11.4 Testing for Client Side URL Redirect](04-Testing_for_Client_Side_URL_Redirect.md) + +[4.11.5 Testing for CSS Injection](05-Testing_for_CSS_Injection.md) + +[4.11.6 Testing for Client Side Resource Manipulation](06-Testing_for_Client_Side_Resource_Manipulation.md) + +[4.11.7 Test Cross Origin Resource Sharing](07-Testing_Cross_Origin_Resource_Sharing.md) + +[4.11.8 Testing for Cross Site Flashing](08-Testing_for_Cross_Site_Flashing.md) + +[4.11.9 Testing for Clickjacking](09-Testing_for_Clickjacking.md) + +[4.11.10 Testing WebSockets](10-Testing_WebSockets.md) + +[4.11.11 Test Web Messaging](11-Testing_Web_Messaging.md) + +[4.11.12 Test Local Storage](12-Testing_Web_Storage.md) + +[4.11.13 Test for Cross Site Script Inclusion](13-Testing_for_Cross_Site_Script_Inclusion.md) diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_description.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_description.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_description.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_description.png 
diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_malicious_page_1.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_malicious_page_1.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_malicious_page_1.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_malicious_page_1.png diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_malicious_page_2.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_malicious_page_2.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_malicious_page_2.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_malicious_page_2.png diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_malicious_page_3.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_malicious_page_3.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_malicious_page_3.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_malicious_page_3.png 
diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_step2.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_step2.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Clickjacking_example_step2.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_step2.png diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Masked_iframe.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Masked_iframe.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/Masked_iframe.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Masked_iframe.png diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/OWASP_ZAP_WebSockets.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/OWASP_ZAP_WebSockets.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/OWASP_ZAP_WebSockets.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/OWASP_ZAP_WebSockets.png 
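Review bot: the context lines around the caption renumbering at @@ -264 and @@ -390 of 09-Testing_for_Clickjacking.md still carry grammar errors that are worth fixing while these lines are in the diff: "the user fill a form" should read "the user fills a form", "is presented a summary page asking the user confirmation" should read "a summary page is presented asking the user for confirmation", and "If the victim click on the button" should read "If the victim clicks on the button". The caption changes themselves (Figure 4.12.9-n to 4.11.9-n across all four hunks) are consistent with the new 11-Client_Side_Testing directory, but note that they hard-code the chapter number, so any further renumbering means editing all six captions by hand again.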
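Review bot: the rewritten relative links at @@ -36 of 10-Testing_WebSockets.md (../09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md, ../04-Authentication_Testing/README.md, ../05-Authorization_Testing/README.md and ../07-Input_Validation_Testing/README.md) all follow the old-chapter-number-minus-one pattern, but nothing in this hunk shows that the targets exist after the rename, and the Input Sanitization bullet is replaced wholesale rather than edited, which makes it easy to drop a word. Run a markdown link checker over document/ before merge so that a dead cross-reference does not ship in the guide.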
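Review bot: the new link text at @@ -112 of 12-Testing_Web_Storage.md, "the [testing for Cookies attributes](...) scenario", drops the WSTG-SESS-002 identifier that the old text carried and starts the link with lower-case "testing" mid-sentence, while the WebSockets hunk in this same patch keeps "(WSTG-CRYPST-001)" inside its link text. Suggest "Cookies are covered extensively in [Testing for Cookies Attributes (WSTG-SESS-002)](../06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md)." so cross-references are cited the same way throughout the guide. Moving from the absolute GitHub URL to a relative path is the right call, since the old link would have pointed at the pre-rename path.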
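Review bot: the line modified at @@ -162 of 12-Testing_Web_Storage.md keeps the pre-existing grammar slip "Following the identification any of the above attack vectors"; since the line is already in the diff, change it to "Following the identification of any of the above attack vectors" in the same commit rather than leaving it for a separate fix.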
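Review bot: the new 11-Client_Side_Testing/README.md mixes "Test ..." and "Testing ..." in its entry titles (4.11.7 "Test Cross Origin Resource Sharing", 4.11.11 "Test Web Messaging", 4.11.12 "Test Local Storage", 4.11.13 "Test for Cross Site Script Inclusion") although every target filename uses "Testing", and 4.11.12 says "Local Storage" while the file it links to is 12-Testing_Web_Storage.md; 4.11.1 also writes "DOM based" where the filename has "DOM-based". Align the titles with the filenames (for example "4.11.12 Testing Web Storage") so the chapter index matches the documents it links to.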
diff --git a/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Storage-xss.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Storage-xss.png new file mode 100644 index 0000000000000000000000000000000000000000..30906ee4634b74d91c143f9d898a43c371a6e213 GIT binary patch literal 53311
zT?$ypULqF3!_^q=rmb0J#vmLammzS0#LG;3O+gF-PErd&Q#%m}od>UpK zcO>Q^{9$v(5Z&GtO#dX|)IO>_px7b{r16`tX!A4;?!YW-CN*Tzqk6=3D`L-)W z@*55E2J2Z;>IYx4Z3S{NJHBsiu9B130tg<&ie4B7KtLO|!6vW%%22?wLuX08M+z?} zt5OgYsGP^Wc)M8)Ym9Lx$7?EA@}$511{6a{Ad?_z_&G|s)Bondxq z!^g)5=0z&r1xbljtb*K3aMaNOk8$l?h=GxV3xh@#asyH4lmv&3-S@+_CkD5OeDok#$w=0gBFYc-5pvl%&whlb((N;sQM8 zVP8qlio}xxkPY7AaJG+!Sh1@WH`Xs z0{MenJyNKWAeLDq2yZcfPHL$G#_FOspeT|EKL8Mp;z`G%V$eQ-#~+nhpl5J(N4G+& zBEndR=;pz>Y(rQeeT##mcT%%y(-2g?M|A~7a{ze8pMyTVQWqoX3K9^0#TBp9wgjQs zCgDvAR_KV-Sfv-31@NyQ8``dPYADRrOJn#pKT_Sd5VKMfD~;cvr|vO-@7x;Els!}# zgooaONdQ+?8U@zj#9B1OJ+zV6AvwB3h>&6|Kydjl z%)Uj{Ri7uhWs6;WyKhKe#BHT&C@?m#B){*3D06A##*w5_I`Jvc=l5KM?j}g>CLkG- zmIr*ZzVR+UKBn50Bn!d?bB!118E@1NiMgWf;BW-M$<+Ky*7D@ zU5#PQ$BrG-%eq$u(;KauZ(uN%YIZ3DTkNcv;~Vwp=Z)HrjR7U%;P=zdQ^hd^YxmrY z1Iv1-Paiv~jm{1?vIb<%L725ieeU^qR}Pb^_wmkGh)7rlfR>97J9D-;zSyitS9rHh zLpw$vly4{^Bq;!l7Vo@u8E+XAJSsXNCH^i0`Kb+90`>=YB59Zpx;{NIc=ipUhHmGT zRfT&2XY*XI7qL&c8{gTm%;5jr$ja9L^^ph_sOV*x7_qzG{uqrFES%|8<%SBZ2>~N- zY}^O@xN`JgJNluMn43ymm?07dhSrZ@C(SEw#!96#b)v}{+GvLK?eqNg_no@Gr?=Tx z0?H~#UhwNJ00S1idd`qfCD(>u!ulybLR^>vo`E;A9T0Vg=@CNN}>q&3Z$|XwN&=p{kzjJp~Jp{RvCok!aX&Z>cxl51{A;fdU8l zPXw|sY4vYR1J`c#2>wO7H*S&j&0x33Lomd0Ax@XI@&noq#!Lt;*|t=@-1Ux@cf{<8 z4rEHK{(;~<1@&(14bWOi#Q_DhRXG;f0n#%Grviiw5BL2HpaCbgeoUpueRGJDB(&P( zbwN%t{&+`rrMvB{)Z8;x+s~Pz(WDL}sTPuAz19d=1&QDR3YK=8e;GSf_j2P2WC)AV z8wk?RA42aOhNDI+qZS}YA~b`0{MX6fKw%=0+<*?Vr3x+sU|7e8g5r&QNl+o-6_3Wy!?VS1bh*0sqw@Ij`@JAdi~;Pk-w@bIB~%|0=)`4ThO1PM|)Sdr+dPWvr-Q8t8;F~tDMpim+xB! zq-oXAaBOvAJ5kD&Umriz$OE^IBFV8*tNqZy6oQZ*C0>T?Kc@=$0T8to8ZsjQ_Bx}! 
z`);ke=0Nfcp(kWxY;2s;a*U15+J@+lU-jpA`=!im_$V0Wv7pt~0h!ze-k*^3T)=(s zQ0!`FTM6_eH{)D~+y?+j7II#X5wSJm9wF6slF#p(gwmb4HVslE^c?d6a-~31t{3J9 zT_6r%c76{GrR(&#LELbzeOGkckP8%>ND_of64|#o3JwWF29IF-V7JyjMA{U>zN~L- zK(Ne6LqGx_c3COvD<*l=2{DLfXtfW3SE?fwhJj~DPkk(1MwjGRz}ZPHYzS`Xx_7e8 zLRKV^QG%%}C=dn!6Gnku6A z>+8E6T|tS^Pt!)FEs=O~UbjOvWW)Tfp^tq~!h6SGZagJCezf5-@Z4Qy+4W*kaVLpt z&R6pT*Kmd;0SH+&;^7f~Bieqy^XU(IWw!vhI`(N{YlYg_`Wr9(sn0C4s(!NWedG~Y zxS`5HY{42Xmd?FAv+|rXZ|(_N8NXgx8|@pnhOe$ghtR)o`($HydG(bv$Ud8^k|m*g zzrZvy$$G#X<{_`1PxuUdnc6Mej;s+<3WjzkogII14+*Hl(-ANW7mH1#A6E0D@9gRZ z%aJrRXm6Vsv%cxTZ&u?CpvarXUjG+IfB1md_jZsVI;N5cNn|F{b+K>jS3zl)$N~BT zWbL4^0zGsjbPHT29nJ8SY0xbaLPeZ!1Jfckix+=2fsp(JzzXRtaiU{Gf#Np6Ebt>k za}cPwWmVhJMmzzz#j}(p=jp!DUSxa(S=W^Krxg6UjZ)*d z;~|H-^3>s|Hkbj+1vezz*g;Fh8{ zWvmhTFR_!wRk@2;l-l=mLM4&#sJFxP&R>W`pu+BWpU=PVFJMdf@CvHR;_nOQz1za_ z9{Q`W1qdv6G4$Q9{r9EFqW;mDKdd%*OFvEw^8EX9WB!xEpC{}*FG~mMiNvbDZtHV8 zZgutdx0xpMhaRNPMq74O>q*m3xXY59yr zMcQ}t_%kv2eyORsNx^gRJb_MzQqAe`~{8$S5w9V>{2 z;rw{Mm)EBH$x`&Kw&{~;sk2{CPO_vm2@G`zIFWRCq4-;9+Wx*Rg63FlB!*!&Zsm82 zUcc^SchRK&-Y^!L+*kZ=pvYZPw~(^4gLML#R(@dXmd*eLuF76=wo@J+y7?<3!f`c4v z-Do=9F3IC2k_Xe~KGqdakR3oc$sxbJ+bCRxK5Ce^ek5!-FqFW$W;PyBuieEr(chYjB= zuSH3KfnT!OX3g^?1Id?>$;jWE?i9lJ<^b&E)z2&Wgr0m|3loh!g)nmuY{y1)KB>xZ zukYStpkcn|*8Gsj#k_wo&aSx*kHEsWNLqox*z#^7J`o6ZEOU%v0$mo_6Z-xeVS5bdJf?sBfbd(){? zk6rJK&){>y-yvI0kjuy`#Of8y8zx3^#m93opa3wo!fov>BSSu4YdLm=&AvXV@!7YI`U)m$f>xM`q=Vk? 
zLp6U0T-UO|SY{ve#(h^Snx5q;q2q9DzYDJwYtCp*cYgODezh9;7p4BcY0%Ta>nbp429tKGP<(U{AaMJmJmF%HF2Ns*l{ z@L2gRxi8OXDT zs1Cuv*tv=GtYfv&3qO_lA9j4cZ+!8bR>QAHY#fKFOQ1>k+wm>$z>hEeCQNTO(rtac z3QFyv#Pb^DH`JU^W5nba?bRACK&F`2#w5hQ1C&SlbifCPc+d~;oEWPSP2OL7*QV$z z0W8*?;3EXy2aF@Sc|vBL%VMLu!lj~808K&0=g*~c9|6l^SsA01C_A|VhMvy;L* zE{!ie!wb4XzvRUD4bU~%a!~d@B-O80?!n=LDD^5&etUI8ZV3e99 zLt$oS#--+|YmY&^q>H_B|3@e?MMo%XGy|ytC z+0<_ zt3k`%(!w#5WpgLR527$-tPL{J&;Ob=A?+XWP1-~5i%^625~~LXXX?op3FajQlI^V1 zPT#*~(DEsvCnl|ukKY$O@0LdMMe}?tS;K!#)khCNWy0G1M+R}asCHa{YQ^l+k(N7j zWY7hnc2ZmF!Cxy#dU|nwtNP^R=ZzJ9JRSK(#Q@pkh~->GBxN@{T@uxAA$9fYx4c6< z9z0YSPMbD?>r6sp8i|L!%i_>VqG3Fiw3oWmd(!;KzSIo}|6U(X+~p?~h-3spt0hvz z%s=Uz{NsDv(VxN6jf9N3KtB)+4*o2Ku~==73FbTc{PJbP&bmC-bQao-Du z4I!9-`%qKvygz=@{iTwlFh0J%U%Cg>m=I=ko__hIJqmGLqZdV(PVcBl zQ%92!^8JCK8iHc_nHpI%T53w4OnCPCg=(CHOmb_dH~tCXBExZ13VZ~@i6lfho6KJs zgylU;A#0G)PFTh z&d=JW+=Lb|Q8%Oa)fa!pxniAy_qA6h-%nRE?6eCY#0WORnc6Jf{S|nPe|@D z#k@J9PEEl;7FWy08_#vpG}qVB+(v!Zo^Y?e`l^tu;^xN7^xoPmAp=R41fb|Y0`Tmv zon%?x;6LQ)i~GXP#Z`Om0HY@W20g8EHm-)?=TCN;8*}{sGO#QJ6;p6>6dt~QSIZP% z187MSmdm>mS4+QprR-A8HYwL>EzPD?*pVhLLLHPush;snt31>;QDZu4na6IVuqzb3 z{>B{dTImok+WM|!9r4^Sve~&z3Hkp6DB-(vwPF3TF>)NJo!;y;E{k?b>`|9hd!vif zRHIO+J3aO@RWrIqNi8X^>DLvBb36Cjb>EH(|CR?)!$!_z?^EP2qfm3#hG$pi7E~ki z{ld*I<9F?Y=InWIe~sw%bv>Tz9W_eE zDdcL22a(GLf9S zS1R^6sYg4QrMadvS`1fqoO>kHf%YJ>GrBXiERN?=vyJ#?zg^)+3E(8N^nP1H(X}*o z#PJNg{XJgtmE!K5%XIR+O38q%N$atoR?w0cT!{6;bea? 
zcAkqXhJ6f_C?7c_;*BT;&mbL!+0*Y$X}4DBPH!`hBWLgw*HEe*w=P$z;!%_3?(j=K zeojN_IfYuA(60Lt>lWL%P$L3a&~MgBz=SyH^%3k~%amNGW( z5f(W$?$KTQy9X03#}Pd>BK*jFLV#<>MJ4VHq}QKd=0BZ>!yQfTNkb|i{*&JC48LXC zfS$X0^6U&U6duB;9ACeHfEKRK=mLdTJNF^+KZtys3Z+a64MGg9aiG?zhtP~n@#E=; z+WA-JB+7e}f(u8E@%6p@?y@`u*WgJjbtaUrjH2+7ohI(}MBrGu-SQ19k0YC-l%q9h z4|=z9Ljg|`_-@umMslO$B5wKp<(3I^^>W2+ezCq=pih< z%kgL*t*RBJaS0@a=Zd4Xp2=$b00W=G<%s9%K9fb>OX_iSV%kyW_qo!L^1e@Xx-#au zo;X6r2s`v$kAmP@5WQoWvkXsYj^p0w7d6rOC50%bYqD#3DJh}(L~#@fMNPulNnBpg zyxO^1BQI)aI_H|59z5`tx@92RQIS&iu355*EaPF(uqfqh74)U^vTwaq5{G8vc5>^# zBr4<`LQ%;Hno&BSl^0QawaVBDeB?|5J_X6=c6wXA%>TeAkL`;~-zD)G{aKQ0w1mz% z*kkBrDbI}}y!`egyzwnNUf$5-w74q?sQFCHMxg}xid-|}$r;~-hd+~{G%N2ROFBL_ zWrx_kX^^4p)$XCrA2C&vwZ>sP5sTNg zddEGA3ihz*mMRL12=2Bhgy^|34Wv3{L4G(=!1wt5J!%T*;|cLN0bfy#9|BL~G-`J3 zFBL(|M?$Ql`r&w8v#I=!i#mP(_PboB4=ih97yUxE>VVv<;FL;YgRa%NYBf zZf`3?Jw>u}A>_3Vb4g_#_Ix9kd$h2e?4kQE$2hEOx5aqU$WRcja|^x8 zW;%a5MTRor-uVw+aqxqKGKRZU=VA&{Ne)l8R2v>7aCp(E)sRszQ7Z{BK9lu(TQoPm zI|vz=3wBj`qS&rd+(U1 z%|zDB?f-zOg&nPQq6`?M1}+7sup|811ur`KSTLex5R8bm|OdeuPh%_F=c=HXR%R}fQO`S9z+`az*q=3OLG5RLabf4h* z8Ss;V(bqR9RRLLZf}FkM_AV1slP8(jtqeG_duyqq_|QrM*Jj?7^`h zrr2zD8RH=B)>atQQ=FJQ!uM|>!cy>&|DMiGnO!Sw7?7L(+V19*-mw zn`ssCbMZ=i1uAH@eLUPP1;a@P4^OLf)x`Vlefsq2uGQ}27$ym*JN?0j<9|?3DW1@X zMF*C8d+jKQe^GjE&w`otr{~^?v*F0U{H=zTv5kI+-+6Y)Jxm^ZyMr|>ubH3MR?_yQ zQL56uNhu3IIOS2eOA`5uiV14A#CeBW@pHm-Y{XPOUZTtgg<*pvca`!w*zD;3*LyEsKGlt8O!2EzZX1c z_)BcuB?#5aD7-A~d9N#M<%uAS(%rdtfU~2!X17HlMB}5BkqS)1gJ#<0$Gt)i$S}2d zhWgOTM}V6gjK4C+kza`NwwCY<16 z02tyD<^6=xX)&tg_)&w2P?HxdIV#*^8Vb*4pLXT`t97!I^G=;6 zi5pN)k!W88gF2}dqCsIo*J3t)ggR%!Nj)sL+|4)m0eM<+_|9|roK*WybDL1PJ4{i@P6Y{xi zO|V9w0L3elokX`?(5_8%xUtH}Mh^3Vkb;W{?(ES+Qm7?fh(~H+ znz^4an7%N%o}7+5vLpQN)_-Yd|De!JMkbGVAgJh{^!@v7-uRwyeXU(+ipKrEojOj_ z*jSm8J5u+T6%qmOugk$9;xx~;Gz7Fws~G0ul0s^C{S_5puxk0^@jP}uzSjknxiJ zot(E_nIvvNJ;hBhkR6YYXP664*jvVit8L(=d$6!)*Ggr4=ySVx4thuE7HKNJVmXx% zr4c9_uT-QN`HDqL;c4eXADvy;B9WwKIp$9lK59$K-Gdlj5($KcVM$om&Slc8Cn4hf 
z3UbA#<9vAvhQ(TBPbaCKm%|3XTXZ(>E9X-v?{r;2H+@>5YnPiQ>L$FJtK?wTDD0B}H zxYQU?ZzBD6K~`EV1ecwnQu5L0wAkBYZC@3WdBPI%WXDL!iuDyx$=3>UI zFlc$0&>c^@qUQJPI&^A!o-1bTvH&`Xu3l7RD65G1JP(6sczF0;tvlM?>>e}@b#&Cb z0K%WzJGFvvo{0bz)36D_SN6pB4tWOeh?8USvhS1xhC@t!cV+TDOtkqDarFA z#XW+B9^XR=p4{m_f6g~RSDOj>!aq`%$$PJcFaoJXt-*sk=Kbbm0-Nbxp7Py%zCRuH z{oTvr?x%#ClGk=#)8|6>lIZYY!mu_{=wxnDF3b?9=*p)g5t1}%PE;H(f1zQB=jLA*Ezzu6<2pufp&2Q87A){`n*Y& z_kIzmWKBO=lLoPbC}k!gs-re-1nqLfoiV$}oweqFwf7}ZO`{=#(uPZ)A z@7KEJVrZBnsrGlHEIeq48&n~pw7!TJWnrI&;ByYscy5O`E&i_ZE491c7#STj%!-n8 zk84ukct3FB=*eIbJ6u<7#jvLe9`10bHU1_puXh*B4u%s`JwwsK;_Du?o+sjRt*->^ zh`6}7l`~kJNSFH=@VNR+I$AX`#gE(7tg;v*51i{aX$52I-MyGNVZ$v`Fy|SzEHTIP_A=rBf)`A%umT|;y|(psIam_2hS1Ly?E>QV*Gz{guqD% zG>f~}F0Dn-OEQZ~I|UD=aEa|2dRqV)aSb=NaePDy))44`EjEdp&FOfbe5v`|M< zFFZWE)28ap6_YqM@(|vE^)6=-_WD#bIROWgQDN}AjZQGk5VO$r{iQ`$et5j~q`L(c zI@!4SD|9GaFP)6=A_?o9s4@9*ddRBE3t#FnvsbN9*0&`EZm8dGd2x+0AO`S99f;Ve ziIi2Fsayhaf)hLvuD3-C4nhT489KMYgMurtAZ;=?j#5x@;n1p=Q?E)oH-9SXfp6R| zg^9MyVgbysL|a&+5!<^t0qV@k-Ul^@XYHY3`r(sK97>ie`leP;a4zZHRWI}=SB)45 zb!jq$!m5X_bNIt2J%jr-r}+IED>pjpOf>EykFTL&jtR2TzxOK&zlXLx5V{G*pwn~w zu}lG{6;*_>dViJ7tz%7!LLeCghA|w4VjV%CjG(MCD%~@m-5cOyzUqxMGWWFM3DWX# zkh!}gflX=ip-%G=65k?Zs(|-^VAiJp?0c-|s;|7iyS=pY=v0e17n0%E-w$Dx6%cm2 zidiI{>sX)Ks$W%i>U$O?LQ!LEPezAF7S|(0lu5*m%HZhmyFb?ph9elxeQqn{Y<-pM zLk-+v*Fb5AVDjO<9k8h$wPr5rzU4sZ%3(d;KJFTsnl^&*^lGEvtZDR$O*C%5bzJ1G zk`c^Stu~HRVPWCQ%|Y&%hBRN&qpy;^gokiCPt14o(rW2H;#J=^H<++nWKK)@$_w*k zB#OM-bmb$JV!grQVE;nWc87FwCIfc<5P`oNP6#xzNOkk8*t>dbD-EIkMbz?>SAFkp z7C2)*xZbedVv`3tI33>~yK)kXTKL2IXmE)&1nL-?VV9rZll^G(*C^_5>#btO>Q*bb zhE*0*>d*L*U~rDe-l(PZwUNcaGuLUvrGWCgh3*8j^AJQX(VakrRE z*D`DKA#o2pa7xF)m@C(6wJktr1(aW-a!sa|E zZ$rsWGzW`Uy@qj&bg+Um(skk~iEH5V;YlM{_*T3*JpDG2h&@)`&J$P$lZLnkD@I;l z1^LCRMrH&h(1BZWP~|5J{813V0}vSp?>i+<`K?=FuSSPHgTX)D0}i?}`z*pip4U8q&CDJ;z7$!9`lvO~1A1QNy3 zc4Rs%CYHAsN znTHi02RIyVrwrCxjkBQ^n5tONS#>Y9R|x&EXL4x2euTj8`oOQtL=m~(&rrgIb#^4t^X@-PEk>dkZrVCa-#lgWrESFL 
z%hRtghCr$O+Fg*WFbkNLaR$-f1j+%fWInHMp-TJ2YlYR3&GH5U$BtgBn(rr+#Zs(KAc+N#7rgxJwG&QT@@3#^`F*pAXU;^p%x=DYTv%$ zY6ieZD*Z+w32#i4>3Enxvs1mojuD;ir}YV9j)`RZ$9LMWR3RY}Vt6eT(W00ckSd}0Jh??DFuCI#Tu%}(DVu`>K=AckJckV=QQAkgo z^o#w{KB+|vToq^|O_v7urjN=Z8x0x;iGhgn$Ap`NqI`NJG_NQi2t&!NWIq4!%%q3W@I?V2xd%}Icr6ut0Ysp?uWr^3b~4` zW!N_aW7O2PT2OVho}PfhuJA71CY;X~@cFD;Orf|x5b93TeM_Z*>*9Iv=uZzA#Rak= z8xc((t!rQFd<5O(HO1{m>igpvjs$WhKa~JG??&;b7wG?i&^cZSYGPw~bZugh)ViM= zbQ2Mep-9c#OY6nK1MJH|=@WODpylt4&R<=t1yhRa3E;H+IT)UAl>2&tk$v~sj zOa_6_v?7`7>Z=1zX0`(-8bSJTp^9Vn7q*5V0YPeC3y-Z7R2~EAYVibKf}oq+I5bnc z7{e2MXciP|v0s3J?{!zHU2a!j@W&}!;j-+Ky{dl(J^N>*1Ae$(Gnc~24w+XiC3u^V zo{+jfQj56<3g8qi4vS{3$kXp+G_R)!lQ2Q&)Ke;`=F*m8&(Pp#UdqoH)IKXKRp`A! zcH;>Obyf|mx3gEBFv!;p1@wOMzHsg7x$koC3!(-{J?B%*X+0(-LVJntF&h0~T2B~o z@Y2ygRFzjr*B!Lgxqa>PH%ndvpokxc`cOFQ-70;!adgJUbO`+z3DW9>(Iz*Z3Rk_b zZr6yX1$6HLquIyoVR85KCELu-By*qKioB@h8(~2YOw%>U4vt=(8j984Z#hU&8sVsz zi1)R`NUsDxRCbTig+s78je zyOph2{@GaY?QrkJq_Ym7-AvSnCWHG$;scy$Yr>~O`?Vw@aD>gPI; zS;5r^VqxIAWxcCvifptU@JC7Fr^L$LIV!2C@as1w_!%{g4}UU%!e`qfY%23KwaaX_#l^)8B;=$%meBILzHV(Fi8j93Cl3S8b40EzK%2 zSz)Wny^?Qa0UNaKp&vDy?H>{>-r;IQXJir_nwXaf`G?vN*`6k<1ZsuQRpyhk*;TZw z=$qs?i7$qtU0grFjnjiqB8G)g57NlmFfgC@;(N`VTi#1w6xVD~d&p(OCPDa&PdS0e z+TEOux^;+7BoKD5fH#rW@nU*3a4k}+{xuyb!0-gzFWavWq-`H(74j&=wjO|ukkdxd zMpI~9^v$7i0Y~e)c63?mhvH`7) z_ySVKNN!kkUjK@+9xWG8s0SUc3~X6K_$u@c+3HYLW(a0mfeoEZCmcIZ+@rr^6D{-J zdT4RI-QceodPtSY18Z8xCW|h48v{1){C)OCoXeuhy7)^HI!pulQ@V|y2W@RHH#uwh z#=@iE600n{D!iNfR{z>N%Z@p}BF-=EXKDo**XRZ^g-gCBAuL^)nqZ{B?q?j*aaju1 z3M&D{D$V@#K;l7vRI|_up$s|}hU>Ec_phI$#AJPAEs)$w`GfhUW{AqN4cG*t5CF!2*RamwLs>_w}axPH^^sJcro7 zIk`XLR}x&>pr6o=I2^}}w>`0R-l{T2x?RqSa0?8@4wOZ=E6k$;2s46uPd!kD4j^98 zxEc_lE{B6Ei!VC;N_a0|AIl5Hr_MP|JjxbbqT&JbxbDggE}lM2;V^CQ8%F0q;KptV5*Yao>R2Zgx;4-M`OV!~QCTiNaAiMdbocW}nlRX$B~Wh8B=&u3Q5HnMluJAaUlKkw<_`yHXp z$6%tXNwaiW=hX75>J)C!57p4H6hs%^l2)J0frj5bl|cX~UfI2*l$%w?46-!W;YB9; znO4gi%ZA?7%L-!m7{PyR?^mRqLzaFF2kDZ9$vUMNgU9xz1dWyga5s-bVpNk28?jCYAYBmND7ek1`t%M;dstA;wx2lwM}YGB3F`eX(?oFC{-6v 
z8ZxGu^O@SIZfGXgm2YRLa@Crn6SF z=C_;Xrpl>S2wlXhpw?ow+#2Xd`hm*CPf_am7=~vIjMblnTI3wd1#$e+!z`fCV-D5x zYnC2W6+g`nm&5^NUI%T#Vt@&Y9{QA{aA^BZn7Gh9EsE<6d>F)HPY@RoLTUGD3uX`v z>_B2vAurgZP*t?!Z>Xwz_sy0ko~kU+FpH%_-C=e6FbvO}{tZC{v^ytpxQg=%ovhYufKN=1~uT@o@%QW?c6ucg7O!(LK%illQq z(Bpf8Rk08Dv;|#*Fj&PNzS=B2uG}5bf=&+Gaz_T+FgBOj&v(MRLdMmwnEzxq{u&qP zh=?vt?0G93ZPhRIp1f=K2qVU8n7cn>j(DL7K~0aJMPW~!`q*8vR^_AAGA96(F*OD0 z3L-7KXGPWb|KQTO0I89gR!b@)YDAHLA5o^AIc@@dUj|RxBT{s|IoK3aPodIrNWpnD zgJ)+O32lA$%vdFsFCe-umgRxOUX^l8f4UtIpn<6rXs>;V$CSnz{>}+Earu6rU~7Au zzR4qW(mGC$RmlPQY|J4>F^-$0zN2yidjHU`{AoER;cp}m5SXq_FKMQbt_kU^YyzSP zN5xzGFZuNd;Eu?bfdaqpxA+~H`RA(0wN|yBN_F`WxF=z1Sa5wYVrfQtk=aL0!}!|&AP@_*Nfr6ceS2+}N61LC z^=wP$G}U{K3#3nq!Hf&yE0eA}-jK@d<=r;(L!~k>H4`kugNs`yHp@pB1%8J!)vq7W z@KonEtX?>pdK6?$X;FWIj1Wk(`Yc zGp(}S&Xv!%eTN=XA-1@iLv z*T$~2&tH{R4_JB6`g_j~HOFwC&O$q%UyS~1@P>8C$m`5&=TlrAWE65H#IBj$FxOtO zoQ<30fP)<4zF}5Hjr@0r=JA`z>FI{V?g4qBr%Uz7P042OrmG)X&t(HpMSJ1{k#4(Q z44|<8_PRzXlC@=wv)^TbvhRQ_1Sb}c{FO9j(0|fCX~I4vLF8G}^-gt{dud!-PSQ+{ z;w}^5wrZQ$UC#ij@`Mh5=c89UDM3|O z_|xf7*tz)nCv{uKl5OU@EvmZT4T-7SszhSO0a{lDeYzY_lLo9r!I!UK^>d6^EsT)cENMwuN%z)<(y(7_%18dA(E ziTpiwI4xE=gIazFHg2gxQ>5#jy`7W8-T*&kt@cbRg^hL>Z zmiJ5+E@}R$%}j>POxIo(cvJ|mbTX<%jKop3q|t4Xn1;Ru>)5?{Z`^owh_|TAIW_vU0U*d$P{8v5`fI%6sR^wX39VpR4_H>KIbVyL zZ(RKAKX0Td?cAnkJq7K3nQJ&|Jr??VJZKg-3;=7I4V%5kKk*(n#wBsu<2ec{_}&8z z^v*eE=Ny+-9jVEC>Zrs?U%htZP0fb(%4hp2!a4u>8O7ZQ)!kcVEL?mq&RSGvE$VIn zD68a?oRGwEAS94q=}_Dqku<7VJ;JD&V<`4qMob!Kc~81~M{cQUs#{>Y$RGRK97z1{ zqER&`7D8%sa(0zlif~VDtoRWrpKZ@^RZ`5}e+o=Rt)|zp+Aw@ZLdwsRJ#yKf=czw#mjgG#bl&EgKC^j_leI|w?$u1|$nOjf`)0Sc zVgb;wbK0tN+{$Lk*T&?Tg1{T#vW=d9mSzIrA>>E_zI%1hkVxLE1A5aXMZM2t7k0lncWTJUd-k1ZB{O!`I^iv~#kj|iQ zqH)~faP&#?tXl$xDgDi4>s;p;z)*InN$FG8T1xrrvwLUM}uj7(ye* zx5%gUk~-THN7?}bpz(J@rtd{FMaLDS{&k*Q|C=2r6U76GVt_Gu!BaSvt>E>=1M`^P z>ZMF1MIF0XOMre(dnp0zegDuO_-z)?!Ze{HYAIWZxqbHPXdNOc zC-!=YhfmJ)=tW0$1V(_g?rGBs%h2(N%Qwt&^}p|yPa0*(`K z>%es#e-ZFIPA3J9=Ov7^%OsM7W_z32mNXaXbFsh9jN;k}d5lCpmE}E|rRGvK^jzj# 
zqBPt83LJPdA>q*yAwXj)mk9t%h)Wvw_4VpY;udF)<;@Ff<~DiDHsy_1HZNfFCOdG? zT@vqZ88c|#g;iT4-oOQN4u(g~&|3he#guwj-2{3Tlk?9yXGMhYf-6N3~dXK(Ap?Zn6A|k`3fn~9r&KY)tY^P4nVy3hNO5A6& zU)JsY(gdX^44$_6I-|+icVcrlsRv=rhh*f(=Dr9gSDCv z&)n3T1G>UywpT2OP9zQ104;jQD)^#=O-p@0e%nf<38jGUY<+7d1L9A);jcI}znx5A%xX01=CrRuO!z_FwIzI;TX70rHX7g9ZW6ph=94G%Hv_d<8ZP4we@-TEjN zFdG|!3;HMfN8j=<-=R?3pWrMT*nH4NZftHr(Dv0Yx-dJXd*n!h?7e~; zuEuxp5XU3GxfhvuejQ-Et4@WADu?wyap;zN!QO%E`vx8`J&t}o!VC*I3feOee+cHQ z{x4(Z60};rKzq1TwX>tL^R-O_CAS5{=ppG?`>MG{C)cd;i`*zY{Qf4hHNYR(!NayC IUz|AeUv=Vf00000 literal 0 HcmV?d00001 diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/WebSocket_Client.png b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/WebSocket_Client.png similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/WebSocket_Client.png rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/WebSocket_Client.png diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/XSSI1.jpeg b/document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/XSSI1.jpeg similarity index 100% rename from document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/images/XSSI1.jpeg rename to document/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/XSSI1.jpeg diff --git a/document/4-Web_Application_Security_Testing/README.md b/document/4-Web_Application_Security_Testing/README.md new file mode 100644 index 0000000000..a1bb6fcc5c --- /dev/null +++ b/document/4-Web_Application_Security_Testing/README.md 
@@ -0,0 +1,25 @@ +# Web Application Penetration Testing + +[4.0 Introduction and Objectives](0-Introduction_and_Objectives/README.md) + +[4.1 Information Gathering](01-Information_Gathering/README.md) + +[4.2 Configuration and Deployment Management Testing](02-Configuration_and_Deployment_Management_Testing/README.md) + +[4.3 Identity Management Testing](03-Identity_Management_Testing/README.md) + +[4.4 Authentication Testing](04-Authentication_Testing/README.md) + +[4.5 Authorization Testing](05-Authorization_Testing/README.md) + +[4.6 Session Management Testing](06-Session_Management_Testing/README.md) + +[4.7 Input Validation Testing](07-Input_Validation_Testing/README.md) + +[4.8 Error Handling](08-Testing_for_Error_Handling/README.md) + +[4.9 Cryptography](09-Testing_for_Weak_Cryptography/README.md) + +[4.10 Business Logic Testing](10-Business_Logic_Testing/README.md) + +[4.11 Client Side Testing](11-Client_Side_Testing/README.md) diff --git a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/README.md b/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/README.md deleted file mode 100644 index 8d3238b1f6..0000000000 --- a/document/4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# 4.10 Testing for Weak Cryptography - -[4.10.1 Testing for Weak SSL/TLS Ciphers Insufficient Transport Layer Protection](4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md) - -[4.10.2 Testing for Padding Oracle](4.10.2_Testing_for_Padding_Oracle.md) - -[4.10.3 Testing for Sensitive Information Sent via Unencrypted Channels](4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) - -[4.10.4 Testing for Weak Encryption](4.10.4_Testing_for_Weak_Encryption.md) 
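Review bot: the new chapter index links the intro as `0-Introduction_and_Objectives/README.md` while every sibling folder it links uses a zero-padded two-digit prefix (`01-Information_Gathering` through `11-Client_Side_Testing`), so the naming rule is inconsistent within one directory and the intro folder will not sort with the others in a plain listing; `00-Introduction_and_Objectives` would keep the convention. Two link texts are also carried over unchanged from the deleted README but no longer match their folders: "4.8 Error Handling" points at `08-Testing_for_Error_Handling` and "4.9 Cryptography" at `09-Testing_for_Weak_Cryptography`; since the rename is the moment the rest of the list was aligned, these two are worth aligning too, e.g. "4.8 Testing for Error Handling".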
diff --git a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/README.md b/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/README.md deleted file mode 100644 index 1fc35e02df..0000000000 --- a/document/4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# 4.11 Testing Business Logic - -[4.11.0 Introduction to Business Logic Testing](4.11.0_Introduction_to_Business_Logic.md) - -[4.11.1 Test Business Logic Data Validation](4.11.1_Test_Business_Logic_Data_Validation.md) - -[4.11.2 Test Ability to Forge Requests](4.11.2_Test_Ability_to_Forge_Requests.md) - -[4.11.3 Test Integrity Checks](4.11.3_Test_Integrity_Checks.md) - -[4.11.4 Test for Process Timing](4.11.4_Test_for_Process_Timing.md) - -[4.11.5 Test Number of Times a Function Can be Used Limits](4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md) - -[4.11.6 Testing for the Circumvention of Work Flows](4.11.6_Testing_for_the_Circumvention_of_Work_Flows.md) - -[4.11.7 Test Defenses Against Application Mis-use](4.11.7_Test_Defenses_Against_Application_Misuse.md) - -[4.11.8 Test Upload of Unexpected File Types](4.11.8_Test_Upload_of_Unexpected_File_Types.md) - -[4.11.9 Test Upload of Malicious Files](4.11.9_Test_Upload_of_Malicious_Files.md) diff --git a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/README.md b/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/README.md deleted file mode 100644 index 21cb1d2efa..0000000000 --- a/document/4_Web_Application_Security_Testing/4.12_Client_Side_Testing/README.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# 4.12 Client-Side Testing - -[4.12.1 Testing for DOM based Cross Site Scripting](4.12.1_Testing_for_DOM-based_Cross_Site_Scripting.md) - -[4.12.2 Testing for JavaScript Execution](4.12.2_Testing_for_JavaScript_Execution.md) - -[4.12.3 Testing for HTML Injection](4.12.3_Testing_for_HTML_Injection.md) - -[4.12.4 Testing for Client Side URL Redirect](4.12.4_Testing_for_Client_Side_URL_Redirect.md) - -[4.12.5 Testing for CSS Injection](4.12.5_Testing_for_CSS_Injection.md) - -[4.12.6 Testing for Client Side Resource Manipulation](4.12.6_Testing_for_Client_Side_Resource_Manipulation.md) - -[4.12.7 Test Cross Origin Resource Sharing](4.12.7_Testing_Cross_Origin_Resource_Sharing.md) - -[4.12.8 Testing for Cross Site Flashing](4.12.8_Testing_for_Cross_Site_Flashing.md) - -[4.12.9 Testing for Clickjacking](4.12.9_Testing_for_Clickjacking.md) - -[4.12.10 Testing WebSockets](4.12.10_Testing_WebSockets.md) - -[4.12.11 Test Web Messaging](4.12.11_Testing_Web_Messaging.md) - -[4.12.12 Test Local Storage](4.12.12_Testing_Web_Storage.md) - -[4.12.13 Test for Cross Site Script Inclusion](4.12.13_Testing_for_Cross_Site_Script_Inclusion.md) diff --git a/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/README.md b/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/README.md deleted file mode 100644 index 53b78daa2f..0000000000 --- a/document/4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# 4.1 Introduction and Objectives - -[4.1.0 Introduction and Objectives](4.1.0_Introduction_and_Objectives.md) - -[4.1.1 Testing Checklist](4.1.1_Testing_Checklist.md) diff --git a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/README.md b/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/README.md deleted file mode 100644 index 138efa9320..0000000000 
--- a/document/4_Web_Application_Security_Testing/4.2_Information_Gathering/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# 4.2 Testing for Information Gathering - -[4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage](4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md) - -[4.2.2 Fingerprint Web Server](4.2.2_Fingerprint_Web_Server.md) - -[4.2.3 Review Webserver Metafiles for Information Leakage](4.2.3_Review_Webserver_Metafiles_for_Information_Leakage.md) - -[4.2.4 Enumerate Applications on Webserver](4.2.4_Enumerate_Applications_on_Webserver.md) - -[4.2.5 Review Webpage Comments and Metadata for Information Leakage](4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md) - -[4.2.6 Identify Application Entry Points](4.2.6_Identify_Application_Entry_Points.md) - -[4.2.7 Map Execution Paths Through Application](4.2.7_Map_Execution_Paths_Through_Application.md) - -[4.2.8 Fingerprint Web Application Framework](4.2.8_Fingerprint_Web_Application_Framework.md) - -[4.2.9 Fingerprint Web Application](4.2.9_Fingerprint_Web_Application.md) - -[4.2.10 Map Application Architecture](4.2.10_Map_Application_Architecture.md) diff --git a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/README.md b/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/README.md deleted file mode 100644 index f91803be68..0000000000 --- a/document/4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/README.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# 4.3 Testing for Configuration and Deployment Management - -[4.3.1 Test Network/Infrastructure Configuration](4.3.1_Test_Network_Infrastructure_Configuration.md) - -[4.3.2 Test Application Platform Configuration](4.3.2_Test_Application_Platform_Configuration.md) - -[4.3.3 Test File Extensions Handling for Sensitive Information](4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md) - -[4.3.4 Review Old, Backup and Unreferenced Files for Sensitive Information](4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md) - -[4.3.5 Enumerate Infrastructure and Application Admin Interfaces](4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces.md) - -[4.3.6 Test HTTP Methods](4.3.6_Test_HTTP_Methods.md) - -[4.3.7 Test HTTP Strict Transport Security](4.3.7_Test_HTTP_Strict_Transport_Security.md) - -[4.3.8 Test RIA Cross Domain Policy](4.3.8_Test_RIA_Cross_Domain_Policy.md) - -[4.3.9 Test File Permission](4.3.9_Test_File_Permission.md) - -[4.3.10 Test for Subdomain Takeover](4.3.10_Test_for_Subdomain_Takeover.md) - -[4.3.11 Test Cloud Storage](4.3.11_Test_Cloud_Storage.md) diff --git a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/README.md b/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/README.md deleted file mode 100644 index 24a2c3200b..0000000000 --- a/document/4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/README.md +++ /dev/null 
@@ -1,11 +0,0 @@ -# 4.4 Testing for Identity Management - -[4.4.1 Test Role Definitions](4.4.1_Test_Role_Definitions.md) - -[4.4.2 Test User Registration Process](4.4.2_Test_User_Registration_Process.md) - -[4.4.3 Test Account Provisioning Process](4.4.3_Test_Account_Provisioning_Process.md) - -[4.4.4 Testing for Account Enumeration and Guessable User Account](4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md) - -[4.4.5 Testing for Weak or Unenforced Username Policy](4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy.md) diff --git a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/README.md b/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/README.md deleted file mode 100644 index 0293191ef2..0000000000 --- a/document/4_Web_Application_Security_Testing/4.5_Authentication_Testing/README.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# 4.5 Authentication Testing - -[4.5.1 Testing for Credentials Transported over an Encrypted Channel](4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md) - -[4.5.2 Testing for Default Credentials](4.5.2_Testing_for_Default_Credentials.md) - -[4.5.3 Testing for Weak Lock Out Mechanism](4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md) - -[4.5.4 Testing for Bypassing Authentication Schema](4.5.4_Testing_for_Bypassing_Authentication_Schema.md) - -[4.5.5 Test Remember Password Functionality](4.5.5_Testing_for_Vulnerable_Remember_Password.md) - -[4.5.6 Testing for Browser Cache Weaknesses](4.5.6_Testing_for_Browser_Cache_Weaknesses.md) - -[4.5.7 Testing for Weak Password Policy](4.5.7_Testing_for_Weak_Password_Policy.md) - -[4.5.8 Testing for Weak Security Question/Answer](4.5.8_Testing_for_Weak_Security_Question_Answer.md) - -[4.5.9 Testing for Weak Password Change or Reset Functionalities](4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md) - -[4.5.10 Testing for Weaker Authentication in Alternative Channel](4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel.md) diff --git a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/README.md b/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/README.md deleted file mode 100644 index 4a29048556..0000000000 --- a/document/4_Web_Application_Security_Testing/4.6_Authorization_Testing/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# 4.6 Authorization Testing - -[4.6.1 Testing Directory Traversal/File Include](4.6.1_Testing_Directory_Traversal_File_Include.md) - -[4.6.2 Testing for Bypassing Authorization Schema](4.6.2_Testing_for_Bypassing_Authorization_Schema.md) - -[4.6.3 Testing for Privilege Escalation](4.6.3_Testing_for_Privilege_Escalation.md) - -[4.6.4 Testing for Insecure Direct Object References](4.6.4_Testing_for_Insecure_Direct_Object_References.md) 
diff --git a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/README.md b/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/README.md deleted file mode 100644 index 1f06936fc6..0000000000 --- a/document/4_Web_Application_Security_Testing/4.7_Session_Management_Testing/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# 4.7 Session Management Testing - -[4.7.1 Testing for Bypassing Session Management Schema](4.7.1_Testing_for_Session_Management_Schema.md) - -[4.7.2 Testing for Cookies Attributes](4.7.2_Testing_for_Cookies_Attributes.md) - -[4.7.3 Testing for Session Fixation](4.7.3_Testing_for_Session_Fixation.md) - -[4.7.4 Testing for Exposed Session Variables](4.7.4_Testing_for_Exposed_Session_Variables.md) - -[4.7.5 Testing for Cross Site Request Forgery (CSRF)](4.7.5_Testing_for_CSRF.md) - -[4.7.6 Testing for Logout Functionality](4.7.6_Testing_for_Logout_Functionality.md) - -[4.7.7 Test Session Timeout](4.7.7_Test_Session_Timeout.md) - -[4.7.8 Testing for Session Puzzling](4.7.8_Testing_for_Session_Puzzling.md) diff --git a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/README.md b/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/README.md deleted file mode 100644 index eaa6557952..0000000000 --- a/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/README.md +++ /dev/null 
@@ -1,59 +0,0 @@ -# 4.8 Input Validation Testing - -## [4.8.1 Reflected Cross Site Scripting](4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md) - -## [4.8.2 Stored Cross Site Scripting](4.8.2_Testing_for_Stored_Cross_Site_Scripting.md) - -## [4.8.3 HTTP Verb Tampering](4.8.3_Testing_for_HTTP_Verb_Tampering.md) - -## [4.8.4 HTTP Parameter Pollution](4.8.4_Testing_for_HTTP_Parameter_Pollution.md) - -## [4.8.5 SQL Injection](4.8.5_Testing_for_SQL_Injection.md) - -[4.8.5.1 Oracle Testing](4.8.5.1_Testing_for_Oracle.md) - -[4.8.5.2 MySQL Testing](4.8.5.2_Testing_for_MySQL.md) - -[4.8.5.3 SQL Server Testing](4.8.5.3_Testing_for_SQL_Server.md) - -[4.8.5.4 Testing PostgreSQL](4.8.5.4_OWASP_Backend_Security_Project_Testing_PostgreSQL.md) - -[4.8.5.5 MS Access Testing](4.8.5.5_Testing_for_MS_Access.md) - -[4.8.5.6 NoSQL Injection](4.8.5.6_Testing_for_NoSQL_Injection.md) - -## [4.8.6 LDAP Injection](4.8.6_Testing_for_LDAP_Injection.md) - -## [4.8.7 ORM Injection](4.8.7_Testing_for_ORM_Injection.md) - -## [4.8.8 XML Injection](4.8.8_Testing_for_XML_Injection.md) - -## [4.8.9 SSI Injection](4.8.9_Testing_for_SSI_Injection.md) - -## [4.8.10 XPath Injection](4.8.10_Testing_for_XPath_Injection.md) - -## [4.8.11 IMAP/SMTP Injection](4.8.11_Testing_for_IMAP_SMTP_Injection.md) - -## [4.8.12 Code Injection)](4.8.12_Testing_for_Code_Injection.md) - -[4.8.12.1 Local File Inclusion](4.8.12.1_Testing_for_Local_File_Inclusion.md) - -[4.8.12.2 Remote File Inclusion](4.8.12.2_Testing_for_Remote_File_Inclusion.md) - -## [4.8.13 Command Injection](4.8.13_Testing_for_Command_Injection.md) - -## [4.8.14 Buffer Overflow](4.8.14_Testing_for_Buffer_Overflow.md) - -[4.8.14.1 Heap Overflow](4.8.14.1_Testing_for_Heap_Overflow.md) - -[4.8.14.2 Stack Overflow](4.8.14.2_Testing_for_Stack_Overflow.md) - -[4.8.14.3 Format String](4.8.14.3_Testing_for_Format_String.md) - -## [4.8.15 Incubated Vulnerability](4.8.15_Testing_for_Incubated_Vulnerability.md) - -## [4.8.16 HTTP 
Splitting/Smuggling](4.8.16_Testing_for_HTTP_Splitting_Smuggling.md) - -## [4.8.17 HTTP Incoming Requests](4.8.17_Testing_for_HTTP_Incoming_Requests.md) - -## [4.8.18 Host Header Injection](4.8.18_Testing_for_Host_Header_Injection.md) diff --git a/document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/README.md b/document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/README.md deleted file mode 100644 index d256826b18..0000000000 --- a/document/4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# 4.9 Testing for Error Handling - -[4.9.1 Analysis of Error Codes](4.9.1_Testing_for_Error_Code.md) - -[4.9.2 Analysis of Stack Traces](4.9.2_Testing_for_Stack_Traces.md) diff --git a/document/4_Web_Application_Security_Testing/README.md b/document/4_Web_Application_Security_Testing/README.md deleted file mode 100644 index d0d73102cf..0000000000 --- a/document/4_Web_Application_Security_Testing/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# Web Application Penetration Testing - -[4.1 Introduction and Objectives](4.1_Introduction_and_Objectives/README.md) - -[4.2 Information Gathering](4.2_Information_Gathering/README.md) - -[4.3 Configuration and Deployment Management Testing](4.3_Configuration_and_Deployment_Management_Testing/README.md) - -[4.4 Identity Management Testing](4.4_Identity_Management_Testing/README.md) - -[4.5 Authentication Testing](4.5_Authentication_Testing/README.md) - -[4.6 Authorization Testing](4.6_Authorization_Testing/README.md) - -[4.7 Session Management Testing](4.7_Session_Management_Testing/README.md) - -[4.8 Input Validation Testing](4.8_Input_Validation_Testing/README.md) - -[4.9 Error Handling](4.9_Testing_for_Error_Handling/README.md) - -[4.10 Cryptography](4.10_Testing_for_Weak_Cryptography/README.md) - -[4.11 Business Logic Testing](4.11_Business_Logic_Testing/README.md) - -[4.12 Client Side Testing](4.12_Client_Side_Testing/README.md) 
diff --git a/document/5_Reporting/5_Reporting.md b/document/5-Reporting/README.md similarity index 100% rename from document/5_Reporting/5_Reporting.md rename to document/5-Reporting/README.md diff --git a/document/Appx.A_Testing_Tools_Resource/Appx.A_Testing_Tools.md b/document/Appx.A_Testing_Tools_Resource/README.md similarity index 100% rename from document/Appx.A_Testing_Tools_Resource/Appx.A_Testing_Tools.md rename to document/Appx.A_Testing_Tools_Resource/README.md diff --git a/document/Appx.B_Suggested_Reading/Appx.B_Suggested_Reading.md b/document/Appx.B_Suggested_Reading/README.md similarity index 100% rename from document/Appx.B_Suggested_Reading/Appx.B_Suggested_Reading.md rename to document/Appx.B_Suggested_Reading/README.md diff --git a/document/Appx.C_Fuzz_Vectors/Appx.C_Fuzz_Vectors.md b/document/Appx.C_Fuzz_Vectors/README.md similarity index 94% rename from document/Appx.C_Fuzz_Vectors/Appx.C_Fuzz_Vectors.md rename to document/Appx.C_Fuzz_Vectors/README.md index 8eccd80327..4bfceb96c2 100644 --- a/document/Appx.C_Fuzz_Vectors/Appx.C_Fuzz_Vectors.md +++ b/document/Appx.C_Fuzz_Vectors/README.md @@ -99,7 +99,7 @@ For details on XSS: [Cross-site Scripting (XSS)](https://owasp.org/www-community A buffer overflow or memory corruption attack is a programming condition which allows overflowing of valid data beyond its prelocated storage limit in memory. -For details on Buffer Overflows: [Testing for Buffer Overflow](../4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14_Testing_for_Buffer_Overflow.md) +For details on Buffer Overflows: [Testing for Buffer Overflow](../4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md) Note that attempting to load such a definition file within a fuzzer application can potentially cause the application to crash. 
@@ -203,7 +203,7 @@ Integer overflow errors occur when a program fails to account for the fact that This attack can affect the database layer of an application and is typically present when user input is not filtered for SQL statements. -For details on Testing SQL Injection: [Testing for SQL Injection](../4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection.md) +For details on Testing SQL Injection: [Testing for SQL Injection](../4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md) SQL Injection is classified in the following two categories, depending on the exposure of database information (passive) or the alteration of database information (active). @@ -348,7 +348,7 @@ Active SQL Injection statements can have a detrimental effect on the underlying ## LDAP Injection -For details on LDAP Injection: [Testing for LDAP Injection](../4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.6_Testing_for_LDAP_Injection.md) +For details on LDAP Injection: [Testing for LDAP Injection](../4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md) `|` @@ -392,7 +392,7 @@ For details on LDAP Injection: [Testing for LDAP Injection](../4_Web_Application ## XPATH Injection -For details on XPATH Injection: [Testing for XPath Injection](../4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.10_Testing_for_XPath_Injection.md) +For details on XPATH Injection: [Testing for XPath Injection](../4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md) `'+or+'1'='1` 
@@ -416,7 +416,7 @@ For details on XPATH Injection: [Testing for XPath Injection](../4_Web_Applicati ## XML Injection -Details on XML Injection here: [Testing for XML Injection](../4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.8_Testing_for_XML_Injection.md) +Details on XML Injection here: [Testing for XML Injection](../4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md) `var n=0;while(true){n++;}]]>` diff --git a/document/Appx.D_Encoded_Injection/Appx.D_Encoded_Injection.md b/document/Appx.D_Encoded_Injection/README.md similarity index 100% rename from document/Appx.D_Encoded_Injection/Appx.D_Encoded_Injection.md rename to document/Appx.D_Encoded_Injection/README.md diff --git a/document/Appx.E_Misc/Appx.E_History.md b/document/Appx.E_Misc/README.md similarity index 100% rename from document/Appx.E_Misc/Appx.E_History.md rename to document/Appx.E_Misc/README.md diff --git a/document/README.md b/document/README.md index da14f5e7b9..ae2ceb3ed4 100644 --- a/document/README.md +++ b/document/README.md 
@@ -1,296 +1,296 @@ # Table of Contents -## [Foreword by Eoin Keary](0_Foreword/0_Foreword.md) +## [Foreword by Eoin Keary](0-Foreword/README.md) -## [1. Frontispiece](1_Frontispiece/) +## [1. Frontispiece](1-Frontispiece/) -**[1.1 About the OWASP Testing Guide Project](1_Frontispiece/1_Frontispiece.md)** +### [1.1 About the OWASP Testing Guide Project](1-Frontispiece/README.md) -## [2. Introduction](2_Introduction/) +## [2. Introduction](2-Introduction/) -**[2.1 The OWASP Testing Project](2_Introduction/2_Introduction.md#The-OWASP-Testing-Project)** +### [2.1 The OWASP Testing Project](2-Introduction/README.md#The-OWASP-Testing-Project) -**[2.2 Principles of Testing](2_Introduction/2_Introduction.md#Principles-of-Testing)** +### [2.2 Principles of Testing](2-Introduction/README.md#Principles-of-Testing) -**[2.3 Testing Techniques Explained](2_Introduction/2_Introduction.md#Testing-Techniques-Explained)** +### [2.3 Testing Techniques Explained](2-Introduction/README.md#Testing-Techniques-Explained) -**[2.4 Manual Inspections & Reviews](2_Introduction/2_Introduction.md#Manual-Inspections-and-Reviews)** +### [2.4 Manual Inspections & Reviews](2-Introduction/README.md#Manual-Inspections-and-Reviews) -**[2.5 Threat Modeling](2_Introduction/2_Introduction.md#Threat-Modeling)** +### [2.5 Threat Modeling](2-Introduction/README.md#Threat-Modeling) -**[2.6 Source Code Review](2_Introduction/2_Introduction.md#Source-Code-Review)** +### [2.6 Source Code Review](2-Introduction/README.md#Source-Code-Review) -**[2.7 Penetration Testing](2_Introduction/2_Introduction.md#Penetration-Testing)** +### [2.7 Penetration Testing](2-Introduction/README.md#Penetration-Testing) -**[2.8 The Need for a Balanced Approach](2_Introduction/2_Introduction.md#The-Need-for-a-Balanced-Approach)** +### [2.8 The Need for a Balanced Approach](2-Introduction/README.md#The-Need-for-a-Balanced-Approach) -**[2.9 Deriving Security Test 
Requirements](2_Introduction/2_Introduction.md#Deriving-Security-Test-Requirements)** +### [2.9 Deriving Security Test Requirements](2-Introduction/README.md#Deriving-Security-Test-Requirements) -**[2.10 Security Tests Integrated in Development and Testing Workflows](2_Introduction/2_Introduction.md#Security-Tests-Integrated-in-Development-and-Testing-Workflows)** +### [2.10 Security Tests Integrated in Development and Testing Workflows](2-Introduction/README.md#Security-Tests-Integrated-in-Development-and-Testing-Workflows) -**[2.11 Security Test Data Analysis and Reporting](2_Introduction/2_Introduction.md#Security-Test-Data-Analysis-and-Reporting)** +### [2.11 Security Test Data Analysis and Reporting](2-Introduction/README.md#Security-Test-Data-Analysis-and-Reporting) -## [3. The OWASP Testing Framework](3_The_OWASP_Testing_Framework/) +## [3. The OWASP Testing Framework](3-The_OWASP_Testing_Framework/) -**[3.1 Overview](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#Overview)** +### [3.1 Overview](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#Overview) -**[3.2 Phase 1: Before Development Begins](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#Phase-1:-Before-Development-Begins)** +### [3.2 Phase 1: Before Development Begins](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#Phase-1:-Before-Development-Begins) -**[3.3 Phase 2: During Definition and Design](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#Phase-2:-During-Definition-and-Design)** +### [3.3 Phase 2: During Definition and Design](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#Phase-2:-During-Definition-and-Design) -**[3.4 Phase 3: During Development](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#Phase-3:-During-Development)** +### [3.4 Phase 3: During Development](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#Phase-3:-During-Development) -**[3.5 Phase 4: During 
Deployment](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#Phase-4:-During-Deployment)** +### [3.5 Phase 4: During Deployment](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#Phase-4:-During-Deployment) -**[3.6 Phase 5: Maintenance and Operations](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#Phase-5:-Maintenance-and-Operations)** +### [3.6 Phase 5: Maintenance and Operations](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#Phase-5:-During-Maintenance-and-Operations) -**[3.7 A Typical SDLC Testing Workflow](3_The_OWASP_Testing_Framework/3_The_OWASP_Testing_Framework.md#A-Typical-SDLC-Testing-Workflow)** +### [3.7 A Typical SDLC Testing Workflow](3-The_OWASP_Testing_Framework/0-The_OWASP_Testing_Framework.md#A-Typical-SDLC-Testing-Workflow) -**[3.8 Penetration Testing Methodologies](3_The_OWASP_Testing_Framework/3.8_Penetration_Testing_Methodologies.md)** +### [3.8 Penetration Testing Methodologies](3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md) -## [4. Web Application Security Testing](4_Web_Application_Security_Testing/) +## [4. 
Web Application Security Testing](4-Web_Application_Security_Testing/) -**[4.1 Introduction and Objectives](4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/)** +### [4.0 Introduction and Objectives](4-Web_Application_Security_Testing/0-Introduction_and_Objectives/README.md) -[4.1.1 Testing Checklist](4_Web_Application_Security_Testing/4.1_Introduction_and_Objectives/4.1.1_Testing_Checklist.md) +### [4.1 Information Gathering](4-Web_Application_Security_Testing/01-Information_Gathering/README.md) -**[4.2 Information Gathering](4_Web_Application_Security_Testing/4.2_Information_Gathering/)** +#### [4.1.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage](4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md) -[4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.1_Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md) +#### [4.1.2 Fingerprint Web Server](4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md) -[4.2.2 Fingerprint Web Server](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.2_Fingerprint_Web_Server.md) +#### [4.1.3 Review Webserver Metafiles for Information Leakage](4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md) -[4.2.3 Review Webserver Metafiles for Information Leakage](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.3_Review_Webserver_Metafiles_for_Information_Leakage.md) +#### [4.1.4 Enumerate Applications on Webserver](4-Web_Application_Security_Testing/01-Information_Gathering/04-Enumerate_Applications_on_Webserver.md) -[4.2.4 Enumerate Applications on Webserver](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.4_Enumerate_Applications_on_Webserver.md) +#### 
[4.1.5 Review Webpage Comments and Metadata for Information Leakage](4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md) -[4.2.5 Review Webpage Comments and Metadata for Information Leakage](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.5_Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md) +#### [4.1.6 Identify Application Entry Points](4-Web_Application_Security_Testing/01-Information_Gathering/06-Identify_Application_Entry_Points.md) -[4.2.6 Identify Application Entry Points](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.6_Identify_Application_Entry_Points.md) +#### [4.1.7 Map Execution Paths Through Application](4-Web_Application_Security_Testing/01-Information_Gathering/07-Map_Execution_Paths_Through_Application.md) -[4.2.7 Map Execution Paths Through Application](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.7_Map_Execution_Paths_Through_Application.md) +#### [4.1.8 Fingerprint Web Application Framework](4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework.md) -[4.2.8 Fingerprint Web Application Framework](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.8_Fingerprint_Web_Application_Framework.md) +#### [4.1.9 Fingerprint Web Application](4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md) -[4.2.9 Fingerprint Web Application](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.9_Fingerprint_Web_Application.md) +#### [4.1.10 Map Application Architecture](4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md) -[4.2.10 Map Application Architecture](4_Web_Application_Security_Testing/4.2_Information_Gathering/4.2.10_Map_Application_Architecture.md) +### [4.2 Configuration and Deployment Management 
Testing](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md) -**[4.3 Configuration and Deployment Management Testing](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/)** +#### [4.2.1 Test Network Infrastructure Configuration](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md) -[4.3.1 Test Network/Infrastructure Configuration](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.1_Test_Network_Infrastructure_Configuration.md) +#### [4.2.2 Test Application Platform Configuration](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/02-Test_Application_Platform_Configuration.md) -[4.3.2 Test Application Platform Configuration](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.2_Test_Application_Platform_Configuration.md) +#### [4.2.3 Test File Extensions Handling for Sensitive Information](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/03-Test_File_Extensions_Handling_for_Sensitive_Information.md) -[4.3.3 Test File Extensions Handling for Sensitive Information](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.3_Test_File_Extensions_Handling_for_Sensitive_Information.md) +#### [4.2.4 Review Old, Backup and Unreferenced Files for Sensitive Information](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md) -[4.3.4 Review Old, Backup and Unreferenced Files for Sensitive Information](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.4_Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md) +#### [4.2.5 Enumerate Infrastructure and Application Admin 
Interfaces](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md) -[4.3.5 Enumerate Infrastructure and Application Admin Interfaces](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.5_Enumerate_Infrastructure_and_Application_Admin_Interfaces.md) +#### [4.2.6 Test HTTP Methods](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods.md) -[4.3.6 Test HTTP Methods](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.6_Test_HTTP_Methods.md) +#### [4.2.7 Test HTTP Strict Transport Security](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/07-Test_HTTP_Strict_Transport_Security.md) -[4.3.7 Test HTTP Strict Transport Security](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.7_Test_HTTP_Strict_Transport_Security.md) +#### [4.2.8 Test RIA Cross Domain Policy](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy.md) -[4.3.8 Test RIA Cross Domain Policy](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.8_Test_RIA_Cross_Domain_Policy.md) +#### [4.2.9 Test File Permission](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission.md) -[4.3.9 Test File Permission](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.9_Test_File_Permission.md) +#### [4.2.10 Test for Subdomain Takeover](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md) -[4.3.10 Test for Subdomain Takeover](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.10_Test_for_Subdomain_Takeover.md) +#### [4.2.11 Test 
Cloud Storage](4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/11-Test_Cloud_Storage.md) -[4.3.11 Test Cloud Storage](4_Web_Application_Security_Testing/4.3_Configuration_and_Deployment_Management_Testing/4.3.11_Test_Cloud_Storage.md) +### [4.3 Identity Management Testing](4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md) -**[4.4 Identity Management Testing](4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/)** +#### [4.3.1 Test Role Definitions](4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md) -[4.4.1 Test Role Definitions](4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.1_Test_Role_Definitions.md) +#### [4.3.2 Test User Registration Process](4-Web_Application_Security_Testing/03-Identity_Management_Testing/02-Test_User_Registration_Process.md) -[4.4.2 Test User Registration Process](4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.2_Test_User_Registration_Process.md) +#### [4.3.3 Test Account Provisioning Process](4-Web_Application_Security_Testing/03-Identity_Management_Testing/03-Test_Account_Provisioning_Process.md) -[4.4.3 Test Account Provisioning Process](4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.3_Test_Account_Provisioning_Process.md) +#### [4.3.4 Testing for Account Enumeration and Guessable User Account](4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md) -[4.4.4 Testing for Account Enumeration and Guessable User Account](4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.4_Testing_for_Account_Enumeration_and_Guessable_User_Account.md) +#### [4.3.5 Testing for Weak or Unenforced Username Policy](4-Web_Application_Security_Testing/03-Identity_Management_Testing/05-Testing_for_Weak_or_Unenforced_Username_Policy.md) -[4.4.5 Testing for Weak or Unenforced 
Username Policy](4_Web_Application_Security_Testing/4.4_Identity_Management_Testing/4.4.5_Testing_for_Weak_or_Unenforced_Username_Policy.md) +### [4.4 Authentication Testing](4-Web_Application_Security_Testing/04-Authentication_Testing/README.md) -**[4.5 Authentication Testing](4_Web_Application_Security_Testing/4.5_Authentication_Testing/)** +#### [4.4.1 Testing for Credentials Transported Over an Encrypted Channel](4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md) -[4.5.1 Testing for Credentials Transported Over an Encrypted Channel](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.1_Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md) +#### [4.4.2 Testing for Default Credentials](4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials.md) -[4.5.2 Testing for Default Credentials](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.2_Testing_for_Default_Credentials.md) +#### [4.4.3 Testing for Weak Lock out Mechanism](4-Web_Application_Security_Testing/04-Authentication_Testing/03-Testing_for_Weak_Lock_Out_Mechanism.md) -[4.5.3 Testing for Weak Lock out Mechanism](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.3_Testing_for_Weak_Lock_Out_Mechanism.md) +#### [4.4.4 Testing for Bypassing Authentication Schema](4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.md) -[4.5.4 Testing for Bypassing Authentication Schema](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.4_Testing_for_Bypassing_Authentication_Schema.md) +#### [4.4.5 Test Remember Password Functionality](4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.md) -[4.5.5 Test Remember Password 
Functionality](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.5_Testing_for_Vulnerable_Remember_Password.md) +#### [4.4.6 Testing for Browser Cache Weakness](4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.md) -[4.5.6 Testing for Browser Cache Weakness](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.6_Testing_for_Browser_Cache_Weaknesses.md) +#### [4.4.7 Testing for Weak Password Policy](4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy.md) -[4.5.7 Testing for Weak Password Policy](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.7_Testing_for_Weak_Password_Policy.md) +#### [4.4.8 Testing for Weak Security Question/Answer](4-Web_Application_Security_Testing/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md) -[4.5.8 Testing for Weak Security Question/Answer](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.8_Testing_for_Weak_Security_Question_Answer.md) +#### [4.4.9 Testing for Weak Password Change or Reset Functionalities](4-Web_Application_Security_Testing/04-Authentication_Testing/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md) -[4.5.9 Testing for Weak Password Change or Reset Functionalities](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.9_Testing_for_Weak_Password_Change_or_Reset_Functionalities.md) +#### [4.4.10 Testing for Weaker Authentication in Alternative Channel](4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md) -[4.5.10 Testing for Weaker Authentication in Alternative Channel](4_Web_Application_Security_Testing/4.5_Authentication_Testing/4.5.10_Testing_for_Weaker_Authentication_in_Alternative_Channel.md) +### [4.5 Authorization Testing](4-Web_Application_Security_Testing/05-Authorization_Testing/README.md) -**[4.6 Authorization 
Testing](4_Web_Application_Security_Testing/4.6_Authorization_Testing/)** +#### [4.5.1 Testing Directory Traversal/File Include](4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include.md) -[4.6.1 Testing Directory Traversal/File Include](4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.1_Testing_Directory_Traversal_File_Include.md) +#### [4.5.2 Testing for Bypassing Authorization Schema)](4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md) -[4.6.2 Testing for Bypassing Authorization Schema)](4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.2_Testing_for_Bypassing_Authorization_Schema.md) +#### [4.5.3 Testing for Privilege Escalation](4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md) -[4.6.3 Testing for Privilege Escalation](4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.3_Testing_for_Privilege_Escalation.md) +#### [4.5.4 Testing for Insecure Direct Object References](4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.md) -[4.6.4 Testing for Insecure Direct Object References](4_Web_Application_Security_Testing/4.6_Authorization_Testing/4.6.4_Testing_for_Insecure_Direct_Object_References.md) +### [4.6 Session Management Testing](4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md) -**[4.7 Session Management Testing](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/)** +#### [4.6.1 Testing for Bypassing Session Management Schema](4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema.md) -[4.7.1 Testing for Bypassing Session Management Schema](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.1_Testing_for_Session_Management_Schema.md) +#### [4.6.2 Testing for Cookies 
Attributes](4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.md) -[4.7.2 Testing for Cookies Attributes](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.2_Testing_for_Cookies_Attributes.md) +#### [4.6.3 Testing for Session Fixation](4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation.md) -[4.7.3 Testing for Session Fixation](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.3_Testing_for_Session_Fixation.md) +#### [4.6.4 Testing for Exposed Session Variables](4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.md) -[4.7.4 Testing for Exposed Session Variables](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.4_Testing_for_Exposed_Session_Variables.md) +#### [4.6.5 Testing for Cross Site Request Forgery (CSRF)](4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_CSRF.md) -[4.7.5 Testing for Cross Site Request Forgery (CSRF)](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.5_Testing_for_CSRF.md) +#### [4.6.6 Testing for Logout Functionality](4-Web_Application_Security_Testing/06-Session_Management_Testing/06-Testing_for_Logout_Functionality.md) -[4.7.6 Testing for Logout Functionality](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.6_Testing_for_Logout_Functionality.md) +#### [4.6.7 Test Session Timeout](4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md) -[4.7.7 Test Session Timeout](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.7_Test_Session_Timeout.md) +#### [4.6.8 Testing for Session Puzzling](4-Web_Application_Security_Testing/06-Session_Management_Testing/08-Testing_for_Session_Puzzling.md) -[4.7.8 Testing for Session 
Puzzling](4_Web_Application_Security_Testing/4.7_Session_Management_Testing/4.7.8_Testing_for_Session_Puzzling.md) +### [4.7 Input Validation Testing](4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md) -**[4.8 Input Validation Testing](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/)** +#### [4.7.1 Testing for Reflected Cross Site Scripting](4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md) -[4.8.1 Testing for Reflected Cross Site Scripting](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.1_Testing_for_Reflected_Cross_Site_Scripting.md) +#### [4.7.2 Testing for Stored Cross Site Scripting](4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting.md) -[4.8.2 Testing for Stored Cross Site Scripting](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.2_Testing_for_Stored_Cross_Site_Scripting.md) +#### [4.7.3 Testing for HTTP Verb Tampering](4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering.md) -[4.8.3 Testing for HTTP Verb Tampering](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.3_Testing_for_HTTP_Verb_Tampering.md) +#### [4.7.4 Testing for HTTP Parameter Pollution](4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution.md) -[4.8.4 Testing for HTTP Parameter Pollution](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.4_Testing_for_HTTP_Parameter_Pollution.md) +#### [4.7.5 Testing for SQL Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md) -[4.8.5 Testing for SQL Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection.md) +##### [4.7.5.1 Oracle Testing](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md) 
-[4.8.5.1 Oracle Testing](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.1_Testing_for_Oracle.md) +##### [4.7.5.2 MySQL Testing](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md) -[4.8.5.2 MySQL Testing](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.2_Testing_for_MySQL.md) +##### [4.7.5.3 SQL Server Testing](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md) -[4.8.5.3 SQL Server Testing](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.3_Testing_for_SQL_Server.md) +##### [4.7.5.4 Testing PostgreSQL](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md) -[4.8.5.4 Testing PostgreSQL](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.4_Testing_PostgreSQL.md) +##### [4.7.5.5 MS Access Testing](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md) -[4.8.5.5 MS Access Testing](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.5_Testing_for_MS_Access.md) +##### [4.7.5.6 Testing for NoSQL Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.md) -[4.8.5.6 Testing for NoSQL Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5.6_Testing_for_NoSQL_Injection.md) +##### [4.7.5.7 ORM Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.7_Testing_for_ORM_Injection.md) -[4.8.6 Testing for LDAP Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.6_Testing_for_LDAP_Injection.md) +##### [4.7.5.8 Client Side SQLi](4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md) -[4.8.7 Testing for ORM Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.7_Testing_for_ORM_Injection.md) +#### [4.7.6 LDAP 
Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md) -[4.8.8 Testing for XML Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.8_Testing_for_XML_Injection.md) +#### [4.7.7 XML Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md) -[4.8.9 Testing for SSI Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.9_Testing_for_SSI_Injection.md) +#### [4.7.8 SSI Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md) -[4.8.10 Testing for XPath Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.10_Testing_for_XPath_Injection.md) +#### [4.7.9 XPath Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection.md) -[4.8.11 IMAP/SMTP Injection)](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.11_Testing_for_IMAP_SMTP_Injection.md) +#### [4.7.10 IMAP/SMTP Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/10-Testing_for_IMAP_SMTP_Injection.md) -[4.8.12 Testing for Code Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12_Testing_for_Code_Injection.md) +#### [4.7.11 Code Injection)](4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md) -[4.8.12.1 Testing for Local File Inclusion](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.1_Testing_for_Local_File_Inclusion.md) +##### [4.7.11.1 Local File Inclusion](4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion.md) -[4.8.12.2 Testing for Remote File Inclusion](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.12.2_Testing_for_Remote_File_Inclusion.md) +##### [4.7.11.2 Remote File 
Inclusion](4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.md) -[4.8.13 Testing for Command Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.13_Testing_for_Command_Injection.md) +#### [4.7.12 Command Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection.md) -[4.8.14 Testing for Buffer Overflow](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14_Testing_for_Buffer_Overflow.md) +#### [4.7.13 Buffer Overflow](4-Web_Application_Security_Testing/07-Input_Validation_Testing/13-Testing_for_Buffer_Overflow.md) -[4.8.14.1 Testing for Heap Overflow](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.1_Testing_for_Heap_Overflow.md) +##### [4.7.13.1 Heap Overflow](4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.1-Testing_for_Heap_Overflow.md) -[4.8.14.2 Testing for Stack Overflow](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.2_Testing_for_Stack_Overflow.md) +##### [4.7.13.2 Stack Overflow](4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow.md) -[4.8.14.3 Testing for Format String](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.14.3_Testing_for_Format_String.md) +##### [4.7.13.3 Format String](4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.3-Testing_for_Format_String.md) -[4.8.15 Testing for Incubated Vulnerabilities](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.15_Testing_for_Incubated_Vulnerability.md) +#### [4.7.14 Incubated Vulnerability](4-Web_Application_Security_Testing/07-Input_Validation_Testing/14-Testing_for_Incubated_Vulnerability.md) -[4.8.16 Testing for HTTP Splitting/Smuggling](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.16_Testing_for_HTTP_Splitting_Smuggling.md) +#### [4.7.15 HTTP 
Splitting/Smuggling](4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling.md) -[4.8.17 Testing for HTTP Incoming Requests](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.17_Testing_for_HTTP_Incoming_Requests.md) +#### [4.7.16 HTTP Incoming Requests](4-Web_Application_Security_Testing/07-Input_Validation_Testing/16-Testing_for_HTTP_Incoming_Requests.md) -[4.8.18 Testing for Host Header Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.18_Testing_for_Host_Header_Injection.md) +#### [4.7.17 Host Header Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection.md) -[4.8.19 Testing for Server Side Template Injection](4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.19_Testing_for_Server_Side_Template_Injection.md) +#### [4.7.18 Server Side Template Injection](4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md) -**[4.9 Testing for Error Handling](4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/)** +### [4.8 Testing for Error Handling](4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md) -[4.9.1 Analysis of Error Codes](4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.1_Testing_for_Error_Code.md) +#### [4.8.1 Analysis of Error Codes](4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md) -[4.9.2 Analysis of Stack Traces](4_Web_Application_Security_Testing/4.9_Testing_for_Error_Handling/4.9.2_Testing_for_Stack_Traces.md) +#### [4.8.2 Analysis of Stack Traces](4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md) -**[4.10 Testing for Weak Cryptography](4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/)** +### [4.9 Testing for Weak 
Cryptography](4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md) -[4.10.1 Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection](4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.1_Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md) +#### [4.9.1 Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection](4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md) -[4.10.2 Testing for Padding Oracle](4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.2_Testing_for_Padding_Oracle.md) +#### [4.9.2 Testing for Padding Oracle](4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle.md) -[4.10.3 Testing for Sensitive Information Sent via Unencrypted Channels](4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.3_Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) +#### [4.9.3 Testing for Sensitive Information Sent via Unencrypted Channels](4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md) -[4.10.4 Testing for Weak Encryption](4_Web_Application_Security_Testing/4.10_Testing_for_Weak_Cryptography/4.10.4_Testing_for_Weak_Encryption.md) +#### [4.9.4 Testing for Weak Encryption](4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption.md) -**[4.11 Business Logic Testing](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/)** +### [4.10 Business Logic Testing](4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md) -[4.11.1 Test Business Logic Data Validation](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.1_Test_Business_Logic_Data_Validation.md) +#### [4.10.1 Test Business Logic Data 
Validation](4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation.md) -[4.11.2 Test Ability to Forge Requests](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.2_Test_Ability_to_Forge_Requests.md) +#### [4.10.2 Test Ability to Forge Requests](4-Web_Application_Security_Testing/10-Business_Logic_Testing/02-Test_Ability_to_Forge_Requests.md) -[4.11.3 Test Integrity Checks](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.3_Test_Integrity_Checks.md) +#### [4.10.3 Test Integrity Checks](4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md) -[4.11.4 Test for Process Timing](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.4_Test_for_Process_Timing.md) +#### [4.10.4 Test for Process Timing](4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md) -[4.11.5 Test Number of Times a Function Can Be Used Limits](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.5_Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md) +#### [4.10.5 Test Number of Times a Function Can Be Used Limits](4-Web_Application_Security_Testing/10-Business_Logic_Testing/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md) -[4.11.6 Testing for the Circumvention of Work Flows](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.6_Testing_for_the_Circumvention_of_Work_Flows.md) +#### [4.10.6 Testing for the Circumvention of Work Flows](4-Web_Application_Security_Testing/10-Business_Logic_Testing/06-Testing_for_the_Circumvention_of_Work_Flows.md) -[4.11.7 Test Defenses Against Application Misuse](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.7_Test_Defenses_Against_Application_Misuse.md) +#### [4.10.7 Test Defenses Against Application Misuse](4-Web_Application_Security_Testing/10-Business_Logic_Testing/07-Test_Defenses_Against_Application_Misuse.md) -[4.11.8 Test Upload of 
Unexpected File Types](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.8_Test_Upload_of_Unexpected_File_Types.md) +#### [4.10.8 Test Upload of Unexpected File Types](4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types.md) -[4.11.9 Test Upload of Malicious Files](4_Web_Application_Security_Testing/4.11_Business_Logic_Testing/4.11.9_Test_Upload_of_Malicious_Files.md) +#### [4.10.9 Test Upload of Malicious Files](4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files.md) -**[4.12 Client Side Testing](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/)** +### [4.11 Client Side Testing](4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md) -[4.12.1 Testing for DOM-Based Cross Site Scripting](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.1_Testing_for_DOM-based_Cross_Site_Scripting.md) +#### [4.11.1 Testing for DOM-Based Cross Site Scripting](4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.md) -[4.12.2 Testing for JavaScript Execution](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.2_Testing_for_JavaScript_Execution.md) +#### [4.11.2 Testing for JavaScript Execution](4-Web_Application_Security_Testing/11-Client_Side_Testing/02-Testing_for_JavaScript_Execution.md) -[4.12.3 Testing for HTML Injection](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.3_Testing_for_HTML_Injection.md) +#### [4.11.3 Testing for HTML Injection](4-Web_Application_Security_Testing/11-Client_Side_Testing/03-Testing_for_HTML_Injection.md) -[4.12.4 Testing for Client Side URL Redirect](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.4_Testing_for_Client_Side_URL_Redirect.md) +#### [4.11.4 Testing for Client Side URL Redirect](4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect.md) -[4.12.5 Testing 
for CSS Injection](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.5_Testing_for_CSS_Injection.md) +#### [4.11.5 Testing for CSS Injection](4-Web_Application_Security_Testing/11-Client_Side_Testing/05-Testing_for_CSS_Injection.md) -[4.12.6 Testing for Client Side Resource Manipulation](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.6_Testing_for_Client_Side_Resource_Manipulation.md) +#### [4.11.6 Testing for Client Side Resource Manipulation](4-Web_Application_Security_Testing/11-Client_Side_Testing/06-Testing_for_Client_Side_Resource_Manipulation.md) -[4.12.7 Testing Cross Origin Resource Sharing](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.7_Testing_Cross_Origin_Resource_Sharing.md) +#### [4.11.7 Testing Cross Origin Resource Sharing](4-Web_Application_Security_Testing/11-Client_Side_Testing/07-Testing_Cross_Origin_Resource_Sharing.md) -[4.12.8 Testing for Cross Site Flashing](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.8_Testing_for_Cross_Site_Flashing.md) +#### [4.11.8 Testing for Cross Site Flashing](4-Web_Application_Security_Testing/11-Client_Side_Testing/08-Testing_for_Cross_Site_Flashing.md) -[4.12.9 Testing for Clickjacking](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking.md) +#### [4.11.9 Testing for Clickjacking](4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md) -[4.12.10 Testing WebSockets](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.10_Testing_WebSockets.md) +#### [4.11.10 Testing WebSockets](4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md) -[4.12.11 Testing Web Messaging](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.11_Testing_Web_Messaging.md) +#### [4.11.11 Testing Web Messaging](4-Web_Application_Security_Testing/11-Client_Side_Testing/11-Testing_Web_Messaging.md) -[4.12.12 Testing Local 
Storage](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage.md) +#### [4.11.12 Testing Local Storage](4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Web_Storage.md) -[4.12.13 Testing for Cross Site Script Inclusion](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion.md) +#### [4.11.13 Testing for Cross Site Script Inclusion](4-Web_Application_Security_Testing/11-Client_Side_Testing/13-Testing_for_Cross_Site_Script_Inclusion.md) -## [5. Reporting](5_Reporting/5_Reporting.md) +## [5. Reporting](5-Reporting/README.md) -## [Appendix A: Testing Tools Resource](Appx.A_Testing_Tools_Resource/Appx.A_Testing_Tools.md) +## [Appendix A: Testing Tools Resource](Appx.A_Testing_Tools_Resource/README.md) ### Security Testing Tools @@ -312,21 +312,21 @@ - [https://www.caine-live.net/index.html](https://www.caine-live.net/index.html) - [https://www.pentoo.ch/download/](https://www.pentoo.ch/download/) -## [Appendix B: Suggested Reading](Appx.B_Suggested_Reading/Appx.B_Suggested_Reading.md) +## [Appendix B: Suggested Reading](Appx.B_Suggested_Reading/README.md) - Whitepapers - Books - Useful Websites -## [Appendix C: Fuzz Vectors](Appx.C_Fuzz_Vectors/Appx.C_Fuzz_Vectors.md) +## [Appendix C: Fuzz Vectors](Appx.C_Fuzz_Vectors/README.md) - Fuzz Categories -## [Appendix D: Encoded Injection](Appx.D_Encoded_Injection/Appx.D_Encoded_Injection.md) +## [Appendix D: Encoded Injection](Appx.D_Encoded_Injection/README.md) - Input Encoding - Output Encoding -## [Appendix E: Misc](Appx.E_Misc/Appx.E_History.md) +## [Appendix E: Misc](Appx.E_Misc/README.md) - History diff --git a/style_guide.md b/style_guide.md index d44fb77522..9e09c1d557 100644 --- a/style_guide.md +++ b/style_guide.md 
@@ -75,7 +75,7 @@ For example, caption the first image shown in section 4.8, sub-section 19 as fol ```md ![SSTI XVWA Example](images/SSTI_XVWA.jpeg)\ -_Figure 4.8.19-1: SSTI XVWA Example_ +_Figure 4.7.19-1: SSTI XVWA Example_ ``` ### Inline Links diff --git a/template/999.1_Testing_for_a_Cat_in_a_Box_WSTG-FOO-001.md b/template/999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md similarity index 98% rename from template/999.1_Testing_for_a_Cat_in_a_Box_WSTG-FOO-001.md rename to template/999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md index d130d534e3..01f6bbb1ec 100644 --- a/template/999.1_Testing_for_a_Cat_in_a_Box_WSTG-FOO-001.md +++ b/template/999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md @@ -1,5 +1,9 @@ # Testing for a Cat in a Box +|ID | +|------------| +|WSTG-FOO-001| + ## Summary A [box](https://en.wikipedia.org/wiki/Box) is a tangible object, typically made up of six rectangular sides. It typically has the ability to be open or closed, and to contain things. Boxes are often used to transport other objects, or to store objects temporarily or permanently. Boxes can be constructed from various materials, such as cardboard, wood, or steel. diff --git a/template/999.2_Template_Explanation_WSTG-FOO-002.md b/template/999-Foo_Testing/2-Template_Explanation.md similarity index 72% rename from template/999.2_Template_Explanation_WSTG-FOO-002.md rename to template/999-Foo_Testing/2-Template_Explanation.md index 45c1d1bd29..2ddeac5b9e 100644 --- a/template/999.2_Template_Explanation_WSTG-FOO-002.md +++ b/template/999-Foo_Testing/2-Template_Explanation.md @@ -1,24 +1,33 @@ # Article Template Explanation +|ID | +|------------| +|WSTG-FOO-002| + ## How to Name Your File The file name format is: -`
._Article_Name_WSTG--.md` +`-Article_Name.md` To name your file: -- Replace `
`, ``, and `` with the appropriate integers. If you are unsure which section your article belongs in, post a comment in your [new content issue](https://github.com/OWASP/wstg/issues?q=is%3Aopen+is%3Aissue+label%3ANew) asking for input. -- Replace `` with the appropriate test type code. If you are unsure which code to use, post a comment in your [new content issue](https://github.com/OWASP/wstg/issues?q=is%3Aopen+is%3Aissue+label%3ANew) asking for input. -- Write the article name in title case spaced with underscores for better URL encoding. If the article is titled, "Testing Foo Bypass in Bars" the file name component is: `Testing_Foo_Bypass_in_Bars`. +- Replace `` with the appropriate integer. If you are unsure which section your article belongs in, post a comment in your [new content issue](https://github.com/OWASP/wstg/issues?q=is%3Aopen+is%3Aissue+label%3ANew) asking for input. +- Write the article name in title case spaced with underscores for better URL encoding. If the article is titled, "Testing Foo Bypass in Bars" the file name component is: `Testing_Foo_Bypass_in_Bars` (with a hyphen separating the `` from the title). ## Article Sections -The remainder of this document explains each section in the [article example](999.1_Testing_for_a_Cat_in_a_Box_WSTG-FOO-001.md). +The remainder of this document explains each section in the [article example](999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md). ## Title -The first line of the document is a title at level H1. +The first line of the document is a title at level H1. Followed by a markdown table that includes the ID of the testing scenario. For example: + +```md +|ID | +|------------| +|WSTG-FOO-002| +``` ## Summary diff --git a/template/images/box.jpg b/template/999-Foo_Testing/images/box.jpg similarity index 100% rename from template/images/box.jpg rename to template/999-Foo_Testing/images/box.jpg 
diff --git a/template/images/ghz-state.svg b/template/999-Foo_Testing/images/ghz-state.svg similarity index 100% rename from template/images/ghz-state.svg rename to template/999-Foo_Testing/images/ghz-state.svg diff --git a/template/README.md b/template/README.md new file mode 100644 index 0000000000..f862b3acc2 --- /dev/null +++ b/template/README.md @@ -0,0 +1,3 @@ +# Test Scenario Template + +This area provides an [example template](999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md) and [explanation of that template](999-Foo_Testing/2-Template_Explanation.md) for use in developing guide content. (They are based on fake chapter `999`.)
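Review bot: in the README table-of-contents hunk, the new `4.7.5.7 ORM Injection` entry links to `05.7_Testing_for_ORM_Injection.md`, with an underscore after the number where every sibling in the same directory uses a hyphen (`05.6-Testing_for_NoSQL_Injection.md`, `05.8-Testing_for_Client_Side.md`); unless the file really is named that way the link will 404, so it should be `05.7-Testing_for_ORM_Injection.md`. In the same hunk the link text `4.7.11 Code Injection)` carries a stray `)`; the old `4.8.11 IMAP/SMTP Injection)` line had the same slip, and this revision fixes that one but reintroduces it on Code Injection. Since this is a renaming pass anyway, `4.11.12 Testing Local Storage` pointing at `12-Testing_Web_Storage.md` is also worth reconciling (title and filename disagree).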
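Review bot: in the style_guide.md hunk the caption example is renumbered to `_Figure 4.7.19-1: SSTI XVWA Example_`, but the ToC in this same patch places Server Side Template Injection at 4.7.18 (`18-Testing_for_Server_Side_Template_Injection.md`), so the caption should read `_Figure 4.7.18-1: SSTI XVWA Example_`. The unchanged context line above it still says "the first image shown in section 4.8, sub-section 19" and needs the same update, otherwise the prose and the example disagree.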
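Review bot: in the `2-Template_Explanation.md` hunk the "article example" link under Article Sections is rewritten to `999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md`, but this file now lives inside `template/999-Foo_Testing/` itself, so the relative link resolves to `template/999-Foo_Testing/999-Foo_Testing/1-Testing_for_a_Cat_in_a_Box.md`; it should simply be `1-Testing_for_a_Cat_in_a_Box.md`. In the Title section of the same hunk, "Followed by a markdown table that includes the ID of the testing scenario." is a sentence fragment; fold it into the preceding sentence ("...a title at level H1, followed by a markdown table that includes the ID of the testing scenario. For example:").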