Hi all,
My simple question is:
When You are conducting a security audit for a web application what do you go to
test? The security threats that are used in order to discover if they are properly secured or do you prioritize to test the security threats that you suppose that aren't secured?