
Test and Verification -> Dynamic depth for applications: Coverage of more input vectors

Risk and Opportunity

Risk: Parts of the service are not covered. For example, specially formatted or encoded parameters are not detected as parameters (e.g. parameters in REST-like URLs, parameters in JSON format or base64-encoded parameters).
Opportunity: Special parameters and special encodings are defined so that the vulnerability scanners in use fuzz them.
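
An added sketch (not part of the model's own material) of the coverage gap described above: it enumerates the input vectors in a request, including REST-like path segments, JSON leaves and base64-coded values, so they can be defined as injection points in the scanner. The function names and the location notation (`path[i]`, `|b64`) are assumptions made for this example.

```python
import base64
import json
from urllib.parse import parse_qsl, urlsplit


def _decode_b64(value):
    """Heuristic: return decoded text if value is base64 of UTF-8 text, else None."""
    if len(value) < 8 or len(value) % 4:
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def _expand(loc, value, out):
    """Record value at loc, then recurse into base64 and JSON nested inside it."""
    if isinstance(value, dict):
        for key, child in value.items():
            _expand(f"{loc}.{key}", child, out)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            _expand(f"{loc}[{i}]", child, out)
    elif isinstance(value, str):
        out.append((loc, value))
        decoded = _decode_b64(value)
        if decoded is not None:
            _expand(loc + "|b64", decoded, out)
            return
        try:
            inner = json.loads(value)
        except ValueError:
            return
        if isinstance(inner, (dict, list)):
            _expand(loc, inner, out)
    else:
        out.append((loc, value))  # numbers, booleans, null


def input_vectors(url, body=""):
    """List every (location, value) pair a scanner should be told to fuzz."""
    parts, out = urlsplit(url), []
    for i, seg in enumerate(s for s in parts.path.split("/") if s):
        out.append((f"path[{i}]", seg))  # REST-like URL parameters
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        _expand(f"query.{name}", value, out)
    if body:
        _expand("body", body, out)
    return out
```

For the constructed URL `https://shop.example/api/users/42/orders?filter=eyJzdGF0dXMiOiJvcGVuIn0=`, plain query parsing yields only `filter`, while this listing also yields the path segment `42` and the `status` field inside the base64-coded JSON.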

Additional Information

Dependencies: Usage of different roles

Usefulness and Requirements of this Activity

Usefulness: High
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017