How can i regularly monitor if entry points of different websites has changed?
The Boundary Conditions are:
(1) Websites cannot be modified itself; means i test solely from outside
(2) Websites are dynamic; means website content changes
(3) Websites are of different technologies; means it could consist of: php, js, .net, java, ajax, pyhton, perl, etc.
(4) I´ve no access to the source-code
The background is: I want to be notified if functional changes of the site lead to changed entry points and in this way to a greater attack surface.
E.g. - the process is as follows:
(1) Agency develop website
(2) i test the site before site has "GoLive" -> i do this with black box penetration testing from outside
(3) Agency fixes found vulnerabilities until i´m satisfied with it
(4) i give the permission to "GoLive"
(5) EVERY FUNCTIONAL CHANGE ON WEBSITE THROUGH AGENCY WILL BE DETECTED BY ME!
Ok, i guess this is not completely/efficiently possible but at least i want to detect changes on entry points at the first stage!