Test and Verification -> Dynamic depth for applications: Simple Scan
Risk and Opportunity
Risk: Deficient security tests are performed. Simple vulnerabilities are not detected and missing security configurations (e.g. headers) are not set. Fast feedback is not given.
Opportunity: A simple scan is performed to get a security baseline. In case the test is done in under 10 minutes, it should be part of the build and deployment process.
Dependencies: Defined build process
- OWASP Zap, Link, Tags: vulnerability scanner
- Arachni, , Tags:
Warning: Undefined array key "tags" in /var/www/html/detail.php on line 105
Warning: foreach() argument must be of type array|object, null given in /var/www/html/detail.php on line 105
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low
OWASP SAMM VERSION 2