June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Application Threat Modeling in real life
At the end of this chapter, I will provide a practical sample of an ATM document. If you feel that any of the items that I'm trying to discuss here are not clear (very theoretical), then I invite you to look at the example at the end of this chapter. If you want your team to be successful during the pentest phase, then you must do an ATM document prior to your penetration test activities. Let's take an example that I witness on a daily basis when I use this approach. A new project comes in, and the Project Manager (PM) contacts management, asking for an expert in application security, because they're going to build a new website. The management team then assigns you to that new project, which is still ...