3 - Reconnaissance and Preliminary Analysis

Objective

To delve deeper into the application’s structure and operational environment, refining the areas identified in the threat modeling phase for detailed security testing.

Activities

  • Code and Route Analysis: Conduct an in-depth analysis of the application’s code and routing to identify potentially vulnerable endpoints and functions. The aim here is to pinpoint areas in the code that may be easily exploited.
  • Runtime Examination: Investigate components that are active at the application’s runtime, such as XML parsers, file upload handling, or other interesting features.
  • Test List Formulation: Based on the initial reconnaissance findings, draft a preliminary list of security tests tailored to the vulnerabilities and risks identified. This list will direct the subsequent, more detailed testing phases. Add these tests to the RTM.
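
The three activities above can be chained in a small review script. This is an added example, not part of the original methodology: it walks source code for routed handlers, notes which runtime components each one touches, and emits candidate rows for the RTM. The Flask-style sample source, the indicator map and the function names are assumptions made for illustration.

```python
import ast

# Constructed sample source for illustration (Flask-style handlers).
SAMPLE = '''
@app.route("/health")
def health():
    return "ok"

@app.route("/import", methods=["POST"])
def import_xml():
    doc = etree.fromstring(request.data)
    return doc.tag

@app.route("/avatar", methods=["POST"])
def avatar():
    request.files["file"].save("/tmp/upload")
    return "saved"
'''

# Assumed indicator map: name used in a handler -> (component, proposed test).
INDICATORS = {
    "etree.fromstring": ("XML parser", "Confirm DTDs and external entities are disabled"),
    "request.files": ("File upload", "Confirm type, size and filename validation"),
}

def dotted(node):
    """Return 'a.b' for a Name/Attribute chain, None for anything else."""
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return node.id if isinstance(node, ast.Name) else None

def build_test_list(source):
    """List (route, handler, component, test) rows for routed handlers."""
    rows = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        for dec in fn.decorator_list:
            target = dotted(dec.func) if isinstance(dec, ast.Call) else None
            if not (target and target.endswith(".route") and dec.args):
                continue
            route = ast.literal_eval(dec.args[0])
            used = {dotted(n) for n in ast.walk(fn)}.intersection(INDICATORS)
            for name in sorted(used):
                rows.append((route, fn.name, *INDICATORS[name]))
    return rows

if __name__ == "__main__":
    for row in build_test_list(SAMPLE):
        print(" | ".join(row))
```

Handlers that match no indicator, such as `/health` in the sample, produce no row, which keeps the preliminary list focused on the components singled out for detailed testing.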
