As I never learnt theoritical what is security testing, I learnt security testing while practically testing/ assessing the applications. Based on my experience,
1. Take only read only access for DB assessments.
2. Don’t touch data items of database.
3. Do assessments only at configuration level.
4. Use automated tools.
5. Better not go for manual assessments because of various practical cascading issues.
No comments:
Post a Comment