Test and Verification -> Dynamic depth for applications: Coverage of more input vectors
Risk and Opportunity
Risk: Parts of the service are not covered. For example, specially formatted or encoded parameters are not detected as parameters (e.g. parameters in REST-like URLs, parameters in JSON format or base64-coded parameters).
Opportunity: Special parameters and special encodings are defined so that the vulnerability scanners in use fuzz them.
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Very Low
Dependencies: Usage of different roles
OWASP SAMM 2 Mapping: v-security-testing|A|2
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001 - too specific
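
Added example, not part of the original page or of any scanner's own code: enumerating the input vectors named under Risk (REST-like URL segments, JSON fields, base64-coded values) for one request, so that they can be declared to a scanner. The route template syntax, the `|b64` label, the function names and the sample request are assumptions constructed for illustration.

```python
import base64
import json
from urllib.parse import parse_qsl, quote, urlsplit

def _try_b64(value):
    """Return decoded text if value is plausibly base64-coded text, else None."""
    if len(value) < 8 or len(value) % 4:
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return None

def _parse(text):
    """Parse text as JSON when it holds an object or array, else keep the string."""
    try:
        parsed = json.loads(text)
    except ValueError:
        return text
    return parsed if isinstance(parsed, (dict, list)) else text

def _walk(prefix, value, out):
    """Record every leaf, descending into JSON containers and base64 wrappers."""
    if isinstance(value, dict):
        for key, item in value.items():
            _walk(f"{prefix}.{key}", item, out)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            _walk(f"{prefix}[{i}]", item, out)
    elif isinstance(value, str) and (decoded := _try_b64(value)) is not None:
        _walk(prefix + "|b64", _parse(decoded), out)
    else:
        out.append((prefix, value))

def input_vectors(url, body, route):
    """List (location, value) for every input a scanner should fuzz in one request."""
    parts, out = urlsplit(url), []
    # REST-like URL: only segments the route template marks as {name} are parameters.
    for tmpl, seg in zip(route.strip("/").split("/"), parts.path.strip("/").split("/")):
        if tmpl.startswith("{") and tmpl.endswith("}"):
            _walk("path." + tmpl[1:-1], seg, out)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        _walk("query." + name, _parse(value), out)
    if body:
        _walk("body", _parse(body), out)
    return out

_FILTER = base64.b64encode(b'{"status":"open","tags":["a","b"]}').decode()  # constructed
SAMPLE_URL = "https://shop.example/api/users/42/orders/1001?filter=" + quote(_FILTER)
SAMPLE_ROUTE = "/api/users/{user_id}/orders/{order_id}"
SAMPLE_BODY = '{"customer": {"name": "alice"}, "items": [{"sku": "A-1", "qty": 2}]}'
```

A scanner that parses only the query string would treat `filter` as one opaque value; `input_vectors(SAMPLE_URL, SAMPLE_BODY, SAMPLE_ROUTE)` returns eight separate inputs across the path, the decoded filter and the JSON body.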