Home page logo

pen-test logo Penetration Testing mailing list archives

RE: White Box Testing
From: admin () systemstates net
Date: Sun, 06 Jul 2008 00:42:35 -0700

Yousif () Vapt-Sec com wrote: 

Let's say a client wants an internal assessment. In this 
example, perhaps they don't want to securely send code or 
files to be reviewed and secured. More than one person is 
on the job, how can we do this remotely in real-time in 
any other way with full control of the system if there's 
more than person? -- What software exactly?

Not quite sure what you mean, but a "white box" test is one 
with full information. If they don't let you have access to 
the source code somehow, then it's not a white box test. For 
the latter, doesn't matter if they send you a copy, or if you 
log into a server of theirs which has the source code set up.

On the other hand you could do an internal test - in a sense
- which was not a white box test, if they want you to test
from inside their firewall. 

Shouldn't be any problems for more than one person to review 
how the system works, but if you're going to try to break it
you need to exactly how much disruption your client is 
prepared to put up with. And make sure you are starting with
a contract which explicitly states what you're going to do.


www.systemstates.net - penetration test / IDS / incident response

This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]