[OWASP-TESTING] Chapter 5 BlackBox Testing

David Wong dw280 at yahoo.com
Thu Apr 1 11:18:12 EST 2004


Nish,

Comments and changes in the attached doc.
But here's a summary:

- Goal for pen-test may not be to get root or shell
access. App security is just as important as getting
root/admin.
- It's not always more cost-effective than other
forms. I think grey-box is ultimately the best balance.
- Main disadvantages are that you only see the exposed
UI. It's not holistic security. You don't see the
backend. You may or may not find out about security
through obscurity. Do you get a false sense of
security when the pen-test company comes back and says
you are "above average" :)

--- Nishchal Bhalla <nishchalbhalla at yahoo.ca> wrote:
> Hi 
>  
> Attached are the details on black box testing.
> Please provide any/all feedback (recommended changes
> esp.).
>  
> Thanks
>  
> Nish.

> ATTACHMENT part 2 application/msword name=blackbox.doc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: blackbox_dw.doc
Type: application/msword
Size: 66048 bytes
Desc: blackbox_dw.doc
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040401/c0e25f23/attachment.doc 