Test and Verification -> Dynamic depth for applications: Coverage of more input vectors
Risk and Opportunity
Risk: Parts of the service are not covered. For example specially formatted or coded parameters are not getting detected as parameter (e.g. parameters in REST-like URLs, parameters in JSON-Format or base64-coded parameters).
Opportunity: Special parameter and special encodings are defined, so that they get fuzzed by the used vulnerability scanners.
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Very Low
Dependencies: Usage of different roles
OWASP SAMM 2 Mapping: v-security-testing|A|2