Black Box assessments are carried out with almost no prior knowledge on the part of the attacker. Break Security consultants launch their attacks from within the application, like an actual hacker. There, they try to identify any insecure configurations inside the application. Then, the consultants use a number of automated application scanners and manual tests to locate vulnerabilities on the website. Black Box assessments are carried out without a deep understanding of the application and how it runs. The consultants also have no access to the source code. In essence, the Black Box assessment is largely composed of automated scanning with manual identification, verification, and exploitation.
The Grey Box assessment provides the largest value in that it is performed in conjunction with an in-depth assessment of the app itself. That is to say, the underlying logic of the app is well understood by our consultants, which makes attacking and manipulating it much more intuitive. Break Security manually delves into the totality of the app, from the form fields and other parameters to any potential logic flaws that could be exploited, to identify exposures that pure source code audits might have missed. The Grey Box assessments employ 90% manual efforts along with 10% automated application scanners.
A White Box application security assessment involves a pure source code audit of a particular application. At Break Security, we take considerable precautions during the source code assessments because of the delicate nature of each application. Every application is inspected and given a line-by-line review to make sure that proper protective controls are in place. Both automated source code analysis tools and manual reviews are used in order to produce extensive identification procedures. White Box assessments are the most holistic security assessments for applications.
If you are interested in a specific type of assessment or you are just looking for more information, don’t hesitate to contact us at any moment.