Manual testing
This is the stage where the tester's presence of mind helps uncover various vulnerabilities in the application. In this phase, the attacker manually tests for flaws by fuzzing different input fields and checking the application's response. There are times when a scanner cannot find certain vulnerabilities and user intervention is needed, and this is where manual testing excels. Vulnerabilities that automated scanners tend to miss include:
- Various business logic flaws
- Second-order SQL injection
- Pentesting cryptographic parameters
- Privilege escalation
- Sensitive information disclosures