Soon enough I will be attempting my first real pentest as a junior pentester in a company (not a CTF). It will be on a web app.
For a first pentest, do you think it is sufficient to just follow the OWASP Guide and just check the following list: This list? Is it the best methodology?
Plus, I heard about a mistake that junior pentesters make, and it is using a scanner from the start. I was planning to do that (going all out with sqlmap, crawlers, etc.) but then changed my mind. Are there any other red lines like that?
Thank you for your help