June 2017
Intermediate to advanced
338 pages
8h 28m
English
Several of the tools we've discussed will do a pretty good job of assessing the severity of a vulnerability as compared to common test frameworks or ranked lists (such as the OWASP Top 10 that has helped to guide our work here). Some of those artifacts, such as the sample Arachni report output shown in the following screenshot, can help provide an objective ranking of the vulnerabilities and guide further testing. What these rankings cannot provide, however, is the target environment's context. Some highly rated risks, for instance, may have limited impact in a particular target due to the sparing use of that technology or the fact that it is only deployed in a low-privilege function or sub-portal. While ...
Read now
Unlock full access