Test and Verification -> Test-Intensity: Deactivating of unneeded tests
Risk and Opportunity
Risk: As tools cover a wide range of different vulnerability tests, they might not match the used components. Therefore, they need more time and resources as they need and the feedback loops takes too much time.
Opportunity: Unneeded tests are deactivated. For example in case the service is using a Mongo database and no mysql database, the dynamic scan doesn't need to test for sql injections.
Usefulness and Requirements of this Activity
Usefullness: Very Low
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low
OWASP SAMM VERSION 2