Test and Verification -> Test-Intensity: Creation and application of a testing concept
Risk and Opportunity
Risk: Scans might use a too small or too high test intensity.
Opportunity: A testing concept considering the amount of time per scan/intensity is created and applied. A dynamic analysis needs more time than a static analysis. The dynamic scan, depending on the test intensity might be performed on every commit, every night, every week or once in a month.
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium
OWASP SAMM 2 Mapping: v-security-testing|A|2
ISO27001:2017 Controls Mapping: