re: If you were tasked to conduct a security audit on a server/database-backed web app, where would you start? VIEW POST


As @andrew_brown pointed out OWASP and Kali have a lot of amazing tools. I would recommend every company to use ZAP from OWASP as a good starting point. It has a big list of automated tests which of course need you to verify afterwards manually or using other tools but it does warn on many things.

code of conduct - report abuse