This week I worked on a website #cPXqk. It was tough to test the site as it was using an outdated design pattern. 99% of the site is loaded through iframes and scripts, so it was tedious to track which page I was currently looking at.
Thankfully, there is a checklist provided for us to go through, so I didn't feel lost when testing the site. I ran an active scan, which found a few possible injection points, and tried to inject characters manually, but did not get very far into it.
This made me realize that even though the active scan tries to probe for a lot of things, I have already found most, if not all, of it through manually crawling through the site and requests. This would be a really helpful tool once I'm more experienced and know what possible vulnerabilities the scan would miss out on.
Supervisor commented that I had a "good catch" for the previous week's report.