TestAndVerification -> Dynamic depth for applications: Coverage of more input vectors
Risk and Opportunity
Risk: Parts of the service are not covered. For example, specially formatted or encoded parameters are not detected as parameters (e.g. parameters in REST-like URLs, parameters in JSON format or base64-encoded parameters).
Opportunity: Special parameters and special encodings are defined so that the vulnerability scanners in use fuzz them.
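As an added example (not part of the original activity description), the following sketch enumerates the input vectors named above, so that each one can be declared as an injection point in a scanner's configuration and checked against what the scanner actually discovers. The function names and the sample request are constructed for illustration, and the base64 detection is a heuristic that can misfire on short plain strings.

```python
import base64
import binascii
import json
from urllib.parse import parse_qsl, urlsplit

def _decode_b64(value):
    """Return decoded text if value is plausibly base64-encoded text, else None."""
    if len(value) < 8 or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def _walk(location, name, value, out):
    """Record one vector, then descend into JSON containers and base64 wrappers."""
    if isinstance(value, dict):
        for k, v in value.items():
            _walk(location, f"{name}.{k}" if name else k, v, out)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            _walk(location, f"{name}[{i}]", v, out)
    else:
        out.append((location, name, value))
        inner = _decode_b64(value) if isinstance(value, str) else None
        if inner is not None:
            try:
                parsed = json.loads(inner)  # encoded value may itself be JSON
            except ValueError:
                parsed = inner
            _walk(location + "+base64", name, parsed, out)

def input_vectors(url, body=None):
    """List (location, name, value) for every place a scanner should fuzz."""
    out, parts = [], urlsplit(url)
    for i, seg in enumerate(s for s in parts.path.split("/") if s):
        _walk("path", f"segment[{i}]", seg, out)  # REST-like URL parameters
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        _walk("query", k, v, out)
    if body:
        _walk("json", "", json.loads(body), out)  # every JSON leaf is a parameter
    return out

# Constructed sample request, not taken from a real service.
SAMPLE_URL = "https://shop.example/api/users/1042/orders?filter=eyJzdGF0dXMiOiJvcGVuIn0="
SAMPLE_BODY = '{"item": {"sku": "A-17", "tags": ["gift"]}, "note": "aGVsbG8gd29ybGQ="}'
if __name__ == "__main__":
    print(*input_vectors(SAMPLE_URL, SAMPLE_BODY), sep="\n")
```

Entries whose location ends in `+base64` are the ones a scanner misses unless the encoding is declared, because the payload has to be re-encoded before it is sent.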
Usefulness and Requirements of this Activity
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Very Low
Dependencies: Usage of different roles
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001 - too specific