Fork me on GitHub

Test and Verification -> Dynamic depth for applications: Coverage of more input vectors

Risk and Opportunity

Risk: Parts of the service are not covered. For example specially formatted or coded parameters are not getting detected as parameter (e.g. parameters in REST-like URLs, parameters in JSON-Format or base64-coded parameters).
Opportunity: Special parameter and special encodings are defined, so that they get fuzzed by the used vulnerability scanners.

Exploit details

Usefullness: High
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Very Low

Additional Information

Dependencies: Usage of different roles
OWASP SAMM 2 Mapping: v-security-testing|A|2