Manual testing
This is the stage where the tester's presence of mind helps him find various vulnerabilities in the application. In this phase, the attacker manually tests for flaws by fuzzing different input fields and checking the application response. There are times where a scanner will not be able to find certain vulnerabilities and user intervention is much needed, and this is where manual testing prospers. Certain vulnerabilities tend to be missed out by automated scanners, such as :
- Various business logic flaws
- Second-order SQL injection
- Pentesting cryptographic parameters
- Privilege escalation
- Sensitive information disclosures