Verify that all application components are identified and
are known to be needed.

ah. you are looking at point 1.1 under V1: Architecture, design and threat modelling

I read “Verify that all application components are identified and are known to be needed” as list all the stuff and know that you need it. example: You run on a Linux-Apache-MSql-Perl (LAMP) machine, but you you don’t use perl.

Yes. I was reading that.

As a Black box tester and If There is no wiki available to know what components or third party components used in the application. How to know it

Start by fingerprinting the server and working outward from there. https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)

Thank you. Online tools are helpful.

I tried httpprint, but was receiving error in establishing connection.
I tried input file as

inputs for httprint can be:

- individual IP addresses (default port 80)

- http://servername:[port]/

- https://servername:[port]/

- IP ranges xx.xx.xx.xx-yy.yy.yy.yy

https://www.websitename.com:80

Also used: Web Developer tools → Network : to find out details of server details.