The differences between the two versions of the page follow.
racfor_wiki:dinamicka_analiza_sigurnosti_aplikacija [2021/01/16 18:01] smatesic [Zaključak] |
racfor_wiki:dinamicka_analiza_sigurnosti_aplikacija [2023/06/19 18:17] (current) |
||
---|---|---|---|
Line 55: | Line 55: | ||
The target URL will be http:// | The target URL will be http:// | ||
+ | {{: | ||
- | ===== Zaključak | + | Scan results are shown in the image above. As the image shows, ZAP can provide information on the most common and dangerous vulnerabilities. |
+ | ===== Conclusion | ||
Even though certain drawbacks keep it from being the ultimate security testing method in all cases, dynamic testing still presents a valuable method of testing in most cases, and even the best in some scenarios. To utilize its potential to the fullest, a combination of manual testing and automated tool-based testing is recommended. | Even though certain drawbacks keep it from being the ultimate security testing method in all cases, dynamic testing still presents a valuable method of testing in most cases, and even the best in some scenarios. To utilize its potential to the fullest, a combination of manual testing and automated tool-based testing is recommended. | ||
Many very good tools exist, some of which are open source, so that even the penetration-testing enthusiasts can test their applications to improve upon their development. Other, commercial tools, serve to improve professional testing quality and reduce costs which can help mitigate a lot of threats to data security which are present because testing bears a greater price than many would accept. | Many very good tools exist, some of which are open source, so that even the penetration-testing enthusiasts can test their applications to improve upon their development. Other, commercial tools, serve to improve professional testing quality and reduce costs which can help mitigate a lot of threats to data security which are present because testing bears a greater price than many would accept. | ||
+ | To make sure a system is secure in a broader set of scenarios, a hybrid method should be used - a combination of dynamic and static testing. | ||
+ | This would allow for a tester to assess the full security profile of a system. | ||
- | ===== Literatura | + | ===== Sources |
[1] IBM, Cost of a Data Breach Study Report highlights, https:// | [1] IBM, Cost of a Data Breach Study Report highlights, https:// |
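
Review bot: The two sentences added at the end of the Conclusion overstate the result: "This would allow for a tester to assess the full security profile of a system" claims completeness that combining dynamic and static testing does not guarantee, and it sits awkwardly beside the earlier sentence in the same section that only says dynamic testing is valuable "in most cases". Suggest softening it to something like "assess a broader part of a system's security profile" and moving the hybrid recommendation next to the existing recommendation to combine manual and automated tool-based testing, so the section gives one consolidated recommendation. Separately, the added sentence "Scan results are shown in the image above" depends entirely on the embedded image; naming the reported alert categories in the text would keep the section readable when the image is missing.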