Analyzing the attack surface
After you map the content and functionality of your application, you can analyze the attack surface. This enables you to plan your workflow and identify areas that may have vulnerabilities.
To analyze the attack surface, review the contents of the Proxy history and the site map. You can use the following site map features:
-
Select branches of the site map tree and use the Target analyzer function to identify all of the dynamic URLs and parameters.
-
Use the display filter and sortable contents pane to systematically work through a complex site map. This enables you to understand where different kinds of interesting content reside.
-
Annotate items with highlights and notes, to describe their purpose or identify interesting items to come back to.