DEV Community

Discussion on: If you were tasked to conduct a security audit on a server/database-backed web app, where would you start?

Médéric Burlet • Edited

As @andrew_brown pointed out, OWASP and Kali have a lot of amazing tools. I would recommend every company to use ZAP from OWASP as a good starting point. It has a big list of automated tests, which of course you need to verify afterwards manually or using other tools, but it does warn on many things.

owasp.org/index.php/OWASP_Zed_Atta...