While you map the application, analyze your findings to identify the key attack surface. You can then use this information to plan your approach to auditing the application.