Test and Verification -> Dynamic depth for applications: Simple Scan

Risk and Opportunity

Risk: Only deficient security tests are performed. Simple vulnerabilities go undetected, missing security configurations (e.g. HTTP security headers) remain unset, and developers get no fast feedback.
Opportunity: A simple scan is performed to establish a security baseline. If the scan completes in under 10 minutes, it should be part of the build and deployment process.
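As an added illustration (not code from the DSOMM project), one check a fast "simple scan" build step can perform: flag the basic security headers missing from an HTTP response and return a non-zero exit code so the build fails. The function names, the expected-header list and the sample response are constructed for this example.

```python
"""Baseline header check suitable for a build/deployment step."""
from typing import Dict, List

# Headers a simple baseline scan expects, with a substring the value must
# contain ("" means presence is enough). Illustrative minimums, not a full policy.
EXPECTED_HEADERS = {
    "strict-transport-security": "max-age=",
    "content-security-policy": "",
    "x-content-type-options": "nosniff",
    "x-frame-options": "",
}


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response (status line first)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return expected headers that are absent or lack the required value."""
    findings = []
    for name, needle in EXPECTED_HEADERS.items():
        value = headers.get(name)
        if value is None or needle not in value.lower():
            findings.append(name)
    return findings


def run_baseline(raw_response: str) -> int:
    """Exit-code style result for a build gate: 0 = baseline met, 1 = findings."""
    findings = missing_security_headers(parse_headers(raw_response))
    for name in findings:
        print(f"missing or weak security header: {name}")
    return 1 if findings else 0


# Constructed sample response: HSTS and nosniff are set, CSP and X-Frame-Options are not.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html><body>constructed sample</body></html>"
)

if __name__ == "__main__":
    raise SystemExit(run_baseline(SAMPLE_RESPONSE))
```

In a real pipeline the raw response would come from a request against the deployed test instance; the check runs in well under the 10-minute budget the activity calls for.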

Exploit details

Usefulness: Low
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints:
OWASP SAMM 1 Mapping: ST2
OWASP SAMM 2 Mapping: v-security-testing|A|1
ISO27001:2017 Controls Mapping: