DEV Community

Discussion on: If you were tasked to conduct a security audit on a server/database-backed web app, where would you start?

Joe Zack

Start with the OWASP top 10, in that order. By far the most common problems are... well, the most common. :)

I also think that taking inventory of, and classifying, the data that each system deals with is really important so you can prioritize your efforts.