June 2017
Intermediate to advanced
338 pages
8h 28m
English
The scope Section customizes things a little too finely to be used in a profile that is meant to fit multiple applications. This section includes options to scan HTTPS only, set path and subdomain limits, exclude paths based on strings, or limit the DOM tree depth. If you are conducting a white-box test or doing an internal penetration testing of the same application as a part of the SDLC, these options are a fantastic way to help focus the testing on the impacted areas rather than cast so large a net that the scan is prolonged and contains extraneous results. Keeping this in mind, let's move on.
We'll set our high-level scanning strategy with the audit options in figure following. When we are testing a server, ...
Read now
Unlock full access