[OWASP-TESTING] Chapter 5 BlackBox Testing

Nishchal Bhalla nishchalbhalla at yahoo.ca
Thu Apr 1 12:01:20 EST 2004


Thanks. I agree with most of the changes; I shall include them and send an update out in the next couple of days.
 
nish.

David Wong <dw280 at yahoo.com> wrote:
Nish,

Comments and changes in the attached doc.
But here's a summary:

- Goal for pen-test may not be to get root or shell
access. App security is just as important as getting
root/admin.
- It's not always more cost-effective than other
forms. I think grey-box is ultimately the best balance.
- Main disadvantages are that you only see the exposed
UI. It's not holistic security. You don't see the
backend. You may or may not find out about security
through obscurity. Do you get a false sense of
security when the pen-test company comes back and says
you are "above average"? :)

--- Nishchal Bhalla wrote:
> Hi 
> 
> Attached are the details on black box testing.
> Please provide any/all feedback (recommended changes
> esp.).
> 
> Thanks
> 
> Nish.

> ATTACHMENT part 2 application/msword
name=blackbox.doc




> ATTACHMENT part 2 application/msword name=blackbox_dw.doc




