Web Application Testing
Black Box Assessment
Taking on the position of an anonymous malicious threat actor, the penetration tester is provided only the URL of the application. If there is a signup or registration element to the application, this can also be included in the scope of work.
Grey Box Assessment
Representing a threat to the application from an authorized user, the penetration tester is provided with access to the application, but no information on its architecture, user base, or the technologies used.
White Box Assessment
The penetration tester is provided with access to the application, full details of its architecture, and user rights assignment.
A full technical report will include the following:
- Executive Summary
- Summary of Findings
- Detailed Findings:
whether the objective was completed and recommendations of any remedial action that should be taken.
and the vulnerability's current state.
  - The system, URL, or process that contains the vulnerability
  - How the vulnerability was exploited
  - The risk posed to the organization
  - Full technical details of how to replicate the vulnerability
- Appendices: Vulnerability output that was noted in the engagement