Closed swgee closed 8 months ago
The following links are broken:
FILE: document/2-Introduction/README.md
[✖] https://www.it-cisq.org/the-cost-of-poor-software-quality-in-the-us-a-2020-report/ → Status: 403
[✖] https://www.ffiec.gov/cyberassessmenttool.htm → Status: 403
Link check 403s are false positives.
Add a header to the introduction page recommending disabling compensating controls such as a WAF. Testers can use this section to provide product teams with an authoritative resource on how to set up a penetration test effectively.
There is a widespread belief that penetration tests should be conducted in a black-box setting, as this is more realistic. While true, the goal of this PR is to help educate readers that white-box penetration tests without compensating controls are much more effective in securing an application.