- What knowledge is needed?
- What software is to be used?
- How are the reports written? PS: Websites like facebook.com
Asked
Active
Viewed 5,893 times
-10
neOh
- 1
- 1
- 2
-
2This has been asked in several questions before, please try to do a simple search. – Lucas Kauffman Mar 31 '13 at 07:42
1 Answers
2
- General knowledge about how applications work and how to introduce atypical or unexpected behavior into the application that might pose a security threat. Please refer to the OWASP testing guide. https://www.owasp.org/index.php/OWASP_Testing_Project
- Depends, there are a lot of tools like Zap, Burp, BackTrack and of course homebrew scripts.
- That entirely depends on the tester, I've seen bad reports, I've seen good reports. Mostly you try to: describe the vulnerability, describe the risk and give a recommendation. You also rate the impact and probability such a vulnerability would actually be exploited.
Rory Alsop
- 61,367
- 12
- 115
- 320
Lucas Kauffman
- 54,169
- 17
- 112
- 196