Test and Verification -> Test-Intensity: Deactivating of unneeded tests

Risk and Opportunity

Risk: Because tools cover a wide range of different vulnerability tests, those tests might not match the components in use. As a result, the tools consume more time and resources than they need, and the feedback loop takes too long.
Opportunity: Unneeded tests are deactivated. For example, if the service uses a MongoDB database and no MySQL database, the dynamic scan doesn't need to test for SQL injection.

Exploit details

Usefulness: Very Low
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 2 Mapping: v-security-testing|A|2