Verification Tools
6.2 Verification tools
Verification is one of the business functions described by the OWASP SAMM.
The SAMM Security Testing activity describes the use of both automated security testing and manual expert security testing to discover security defects. This security testing should be automated as part of the development, build and deployment processes, and can be complemented with regular manual security penetration tests.
Automated security testing tools are fast and scale well to numerous applications, whereas manual security testing of high-risk components requires good knowledge of the application and its business logic.
Sections:
6.2.1 DAST tools
6.2.2 Amass
6.2.3 Offensive Web Testing Framework
6.2.4 Nettacker
6.2.5 OWASP Secure Headers Project
The OWASP Developer Guide is a community effort; if there is something that needs changing, submit an issue or edit on GitHub.