-
-
Notifications
You must be signed in to change notification settings - Fork 0
Playbook AppSec Assessment
Hermes Agent edited this page Jul 11, 2026
·
1 revision
Assess application behavior and security posture across authn, authz, API, and abuse-path concerns.
- app context
- endpoints or user flows
- code/config/docs
- authorized test context if applicable
Typically security-appsec-assessment, with support from code review, recon, offensive validation, and QA as needed.
- intake and scoping
- evidence review
- hypothesis formation
- targeted analysis or validation
- synthesis
- QA
- scope is explicit
- evidence supports practical claims
- QA pass before final report
- findings and observations
- missing evidence list
- remediation guidance
Unauthorized external testing is out of scope.
Assess whether a shared workflow lets a low-privilege user consume a stronger capability than intended.