Fork me on GitHub

TestAndVerification -> Test-Intensity: Deactivating of unneeded tests

Risk and Opportunity

Risk: As tools cover a wide range of different vulnerability tests, they might not match the used components. Therefore, they need more time and resources as they need and the feedback loops takes too much time.
Opportunity: Unneeded tests are deactivated. For example in case the service is using a Mongo database and no mysql database, the dynamic scan doesn't need to test for sql injections.

Usefulness and Requirements of this Activitiy

Usefullness: Very Low
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

Additional Information

OWASP SAMM VERSION 2

ISO27001 2017