Web-Testing Methodology
baseline scanning
- BURP with deep automated scan
- OWASP ZAP baseline scan
- don’t forget to increase crawling timeout
- nuclei
manual evaluation
- directory enumeration
- browser-powered desync attacks
- clairvoyance for GraphQL automated schema generation
Authentication
Here, SSO is often a topic:
API-Testing
- spectral for Swagger analysis/linting