June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Security risks
The ATM document is not a replacement for risk assessment, but it is a guide for you to get only the high-level application security risks.
Always ask the following questions to get a quick risk level of the application as a whole:
- Does the application handle any confidential data? Y/N
- Does the application write data to the backend? Y/N
- Any impact on the company's public image? Y/N
- Any impact on the company's clients? Y/N
- Is the application accessible from the internet? Y/N
- Is the application accessible from mobile devices? Y/N
- Does the application interact with third-party services? Y/N
- Is the application developed by a third-party? Y/N
Wait, there is more—this is just an overall questionnaire that can give you a head start. ...