3.2 - Runtime Examination
Goal
The objective is to manually investigate critical runtime components and functionalities of the application to uncover vulnerabilities that manifest during its operation. This hands-on approach aims to identify issues with dynamic processes such as data handling by XML parsers, file uploads, and other runtime features.
How to Execute
- Identify Key Runtime Components
  - Description: Manually identify and list the application components that are crucial during runtime, such as XML parsers, file upload mechanisms, authentication processes, and dynamic data processing modules.
  - Tools/Techniques:
    - Engage in exploratory testing sessions where team members interact with the application to map out how these components function under various conditions.
    - Use manual tracing of data flow during runtime to understand how data is handled and manipulated across different components.
  - Output: A detailed list and description of key runtime components, focusing on their functional roles and potential security concerns.
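
One way to turn notes from an exploratory session into the component list described above, as an added example that is not part of the original page. The request records, path segments, matching rules and concern notes are all constructed assumptions to be replaced with what the team actually observes.

```python
# Added example: every path, rule and concern note here is a constructed assumption.
SAMPLE_REQUESTS = [  # constructed notes from an exploratory session, not real traffic
    {"method": "POST", "path": "/api/orders/import", "content_type": "application/xml; charset=utf-8"},
    {"method": "POST", "path": "/profile/avatar", "content_type": "multipart/form-data; boundary=x"},
    {"method": "POST", "path": "/login", "content_type": "application/x-www-form-urlencoded"},
    {"method": "POST", "path": "/api/report", "content_type": "application/json"},
    {"method": "POST", "path": "/soap/billing", "content_type": "text/xml"},
    {"method": "GET", "path": "/static/app.css", "content_type": ""},
]
AUTH_SEGMENTS = {"login", "logout", "token", "oauth", "session"}
BODY_METHODS = {"POST", "PUT", "PATCH"}
STRUCTURED_TYPES = {"application/json", "application/x-www-form-urlencoded"}

def media_type(req):
    """Return the Content-Type without parameters, lower-cased."""
    return req.get("content_type", "").split(";")[0].strip().lower()

def is_xml(req):
    mt = media_type(req)
    return mt in {"application/xml", "text/xml"} or mt.endswith("+xml")

def is_upload(req):
    return media_type(req) == "multipart/form-data"

def is_auth(req):
    return any(seg in AUTH_SEGMENTS for seg in req["path"].lower().split("/"))

def is_dynamic(req):
    return req["method"] in BODY_METHODS and media_type(req) in STRUCTURED_TYPES

# (component, matcher, concern to examine by hand); the concern notes are the reviewer's own.
RULES = [
    ("XML parser", is_xml, "external entity and DTD processing settings"),
    ("File upload", is_upload, "validation of file type, size and storage location"),
    ("Authentication", is_auth, "credential checks and session handling"),
    ("Dynamic data processing", is_dynamic, "input validation before data reaches other components"),
]

def build_inventory(requests):
    """Map each component to the endpoints that exercise it; one request may hit several."""
    inventory = {}
    for name, matches, concern in RULES:
        endpoints = sorted({f"{r['method']} {r['path']}" for r in requests if matches(r)})
        if endpoints:
            inventory[name] = {"endpoints": endpoints, "concern": concern}
    return inventory

if __name__ == "__main__":
    for name, entry in build_inventory(SAMPLE_REQUESTS).items():
        print(f"{name} ({entry['concern']}): {', '.join(entry['endpoints'])}")
```

The inventory only points the manual review at the right endpoints; a request that matches no rule still needs a human look before it is ruled out.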