Prioritize Vulnerabilities

As you work through the list of web applications prior to testing them, you need to decide which vulnerabilities are worth eliminating and which aren’t too worrisome. The fact of the matter is that most web applications have many vulnerabilities. For instance, take a look at Sucuri's Q2 hacked websites report, which analyzed 9000 infected websites and categorized them by platform.



Eliminating all vulnerabilities from all web applications just isn’t possible or even worth your time. Even after categorizing your applications according to importance, it will take considerable amounts of time to test them all. By limiting yourself to testing for only the most threatening vulnerabilities, you will save a ton of time and will get through the work a lot more quickly.



Which vulnerabilities to focus on really depends on the applications you’re using. There are a few standard security measures that should be implemented (discussed further below); however, application-specific vulnerabilities need to be researched and analyzed.



Keep in mind as well that as testing unfolds, you may realize that you have overlooked certain issues. Don’t be afraid to put the testing on hold in order to regroup and focus on additional vulnerabilities. Finally, remember that in the future, this work will be much easier, as you are starting from scratch now and won’t be later.