Scoping
Try expanding the scope when discussing the Statment of work with clients (SoW); Real threat actors (TAs) don't have specific scope, Nor attack during work hours. They are not kind and gracious.
Scoping
APIs
- No. of unique APIs
- No. Methods
- Versions
- Features
- Authentication and authorization mechanisms
- Roles and privileges
- WAF enabled?