Are there any ways to manually do security testing without using tools?

Anitha Sudheendran

I am looking for ways to manually do some security testing without using any tools. Is this possible?

2 Answers

Tim Wiseman

While it is possible to conduct manual security testing, it is very difficult. Not only would you need to know the pages that need to be hit, but you would also need to know the commands/calls that are executed and the format or the parameters in the commands/calls. There will still be some areas that could be missed.

Timothy Western

The answer is: it depends. You can learn a lot from the OWASP (https://www.owasp.org/index.php/Main_Page) project and other such sites for how to test flaws manually. The reality is that many of these are hard to detect under dynamic execution. Some defects are better spotted with static code analysis (code review), or using static code analysis tools.

StickyMinds is a TechWell community.
