. . . "Information such as source code, HTTP methods permitted, administrative functionality, authentication methods and infrastructural configurations can be obtained.
???Clearly, focusing only on the web application will not be an exhaustive test." .