re: If you were tasked to conduct a security audit on a server/database-backed web app, where would you start?


As @andrew_brown pointed out, OWASP and Kali have a lot of amazing tools. I would recommend every company to use ZAP from OWASP as a good starting point. It has a big list of automated tests, which of course you need to verify afterwards manually or using other tools, but it does warn on many things.

owasp.org/index.php/OWASP_Zed_Atta...
