- OWASP ZAP
- WVS
- AppScan
- BurpSuite
- Sqlmap
Dimensions of concern in security testing
Transmission:
- Encryption of sensitive information in transit
- Link encryption
Interface:
- Access control
Parameter:
- Injection: SQL injection, command injection, file injection
- Privilege escalation: vertical (exceeding into a higher level of authority), horizontal (exceeding into another user's authority at the same level)
Establish a security testing process
White-box code analysis: automated
- Sonar, FindBugs, etc.
Black-box scanning mechanism: automated
- ZAP, WVS, BurpSuite, AppScan, Sqlmap
Business process security exploration: manual testing
- BurpSuite, ZAP