[OWASP-TESTING] Chapter 5 BlackBox Testing

Nishchal Bhalla nishchalbhalla at yahoo.ca
Mon Apr 5 00:46:49 EDT 2004

David/ Daniel,
I think I have all your comments included.
David, I needed some more input in some of your comments. Have included it after your comments in the attached version.

David Wong <dw280 at yahoo.com> wrote:

Comments and changes in the attached doc.
But here's a summary

- Goal for pen-test may not be to get root or shell
access. App security is just as important as getting
- It's not always more cost-effective than other
forms. I think grey-box is ultimately the best balance
- Main disadvantages are that you only see the exposed
UI. It's not holistic security. You don't see the
backend. You may or may not find out about security
through obscurity. Do you get a false sense of
security when the pen-test company comes back and says
you are "above average" :)

--- Nishchal Bhalla wrote:
> Hi 
> Attached are the details on black box testing.
> Please provide any/all feedback (recommended changes
> esp.).
> Thanks
> Nish.

> ATTACHMENT part 2 application/msword

> ATTACHMENT part 2 application/msword name=blackbox_dw.doc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: blackbox_v2.doc
Type: application/msword
Size: 68096 bytes
Desc: blackbox_v2.doc
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040405/567a31cb/attachment.doc 
