current-version/2-Process/2-4-Operation/2-4-3-Pentest.md
8 additions & 8 deletions
@@ -22,14 +22,6 @@ Regardless of the approach, penetration testers will generally follow publicly-a
22
22
-[OWASP Top 10 API](https://owasp.org/API-Security/editions/2023/en/0x11-t10/) - Most common security risks and vulnerabilities for APIs.
23
23
-[OWASP Mobile Top 10](https://owasp.org/www-project-mobile-top-10/) - A list containing the most common and impactful mobile application security vulnerabilities.
24
24
25
-
### Tools
26
-
27
-
There are several tools that can help while performing penetration test against applications. The most common are:
28
-
-[BurpSuite](https://portswigger.net/burp) - A comprehensive software tool used for web application security testing. Key features include a proxy for intercepting and modifying web traffic, a scanner for automated vulnerability detection and tools for performing manual testing, such as repeater, intruder and so forth.
29
-
-[OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org) - An open-source web proxy similar that has features similar to BurpSuite's.
30
-
-[Postman](https://www.postman.com/) - API testing tool that allows sending various HTTP requests, manipulating headers and automating tests. It helps identify vulnerabilities like authentication issues and data exposure, integrating with other security tools for comprehensive analysis.
31
-
-[MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) - Automated, open-source tool for security testing and analyzing mobile applications, supporting both Android and iOS platforms.
32
-
33
25
### Process Overview
34
26
35
27
#### Assembling the team
@@ -84,6 +76,14 @@ Upon completing all tests, the penetration testing team will begin compiling a c
84
76
85
77
Lastly, after delivering the report and initiating the vulnerability management process, the penetration testing team will retest all vulnerabilities that developers consider fixed. This retesting ensures that each vulnerability has been successfully addressed and that no bypasses to the newly implemented security controls exist.
86
78
79
+
### Tools
80
+
81
+
There are several tools that can help while performing penetration test against applications. The most common are:
82
+
-[BurpSuite](https://portswigger.net/burp) - A comprehensive software tool used for web application security testing. Key features include a proxy for intercepting and modifying web traffic, a scanner for automated vulnerability detection and tools for performing manual testing, such as repeater, intruder and so forth.
83
+
-[OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org) - An open-source web proxy similar that has features similar to BurpSuite's.
84
+
-[Postman](https://www.postman.com/) - API testing tool that allows sending various HTTP requests, manipulating headers and automating tests. It helps identify vulnerabilities like authentication issues and data exposure, integrating with other security tools for comprehensive analysis.
85
+
-[MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) - Automated, open-source tool for security testing and analyzing mobile applications, supporting both Android and iOS platforms.
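Review bot: The re-added ZAP entry still reads "An open-source web proxy similar that has features similar to BurpSuite's", with a stray first "similar"; since the block is being moved anyway, change it to "An open-source web proxy that has features similar to BurpSuite's". The intro sentence in the same block, "while performing penetration test against applications", also needs "a penetration test" or "penetration tests". The other moved lines match the removed block in the first hunk, so nothing else in the content changes.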