
re: If you were tasked to conduct a security audit on a server/database-backed web app, where would you start?

re: OWASP has a great web app testing methodology guide to walk you through a bunch of checks: owasp.org/index.php/Web_Applicatio... These are kind of...
 

Also, business logic inconsistencies and access control misconfigurations (or failures) are something I prioritize, as these are the kind of things an automated scanner or tool is not really able to find.
