9May
How is a penetration test of a web application performed in reality?
How penetration are tests usually conducted? I am learning some testing techniques like XSS, SQLi, Path traversal, etc. In each technique, there are many different possibilities, where only one might work. I can't imagine how long the test would take for a web application when I should try all possibilities.
Is it enough to rely on some scanners? For example, for SQL injection, I will use SQLmap. If it doesn’t find anything, is there a low probability that an injection is still possible somewhere?