Web app vulnerability scanning: how many URLs to check?
Scanning all of spidered URLs with a tool such as OWASP Zap can be computationally expensive on large apps. Have there been any studies on the adequate number of URLs (just the unique resources) to scan to have, let’s say, 95% confidence l…