The role of automated penetration testing tools
It is not possible to complete OWASP ASVS verification using automated penetration testing tools alone. Whilst many of the requirements in Level 1 can be performed using automated tests, the overall majority of requirements are not amenable to automated penetration testing.
As the application security industry matures, the lines between automated and manual testing have blurred. Automated tools are now often manually tuned by experts, and manual testers often leverage a wide variety of automated tools.
In the next blog post, we will look into Level 1 to 3 in further detail, exploring what the different levels entail.
This blog post is based on contents provided by OWASP, and it follows a Creative Commons Attribution ShareAlike 3.0 license.