GDS Fast Fact

Black Box Application Testing and Source Code Review assessments can be supplemented with an optional follow-up training course geared towards educating application developers about security.

Black Box Application Testing

The objective of a Black Box Application Security Review is to gauge the threat of both unauthorized outsiders and legitimate users compromising application security controls. This type of review is the most time-effective method to gauge an application's exposure to real-world attack scenarios.

Approach

The GDS Black-Box methodology combines manual and automated dynamic security testing techniques, proprietary application security directives (ASDs), and the use of premier proprietary and commercial dynamic assessment tools in a consistent and repeatable process.


Testing is performed from all user perspectives, from anonymous users through legitimate application users of all privilege levels. Custom "proof-of-concept" exploits are developed to demonstrate how select high-risk vulnerabilities can be used to compromise application security. This approach allows GDS to systematically identify potential security exposures and illustrate the associated risk to the application and business stakeholders.

Deliverables

GDS delivers a detailed and comprehensive report at the conclusion of each security assessment. All GDS reports are highly customizable depending on requested reporting requirements and typically include an executive summary, detailed technical findings and recommendations, and illustrative walkthroughs of all exploitation steps performed.

Related Services

At the end of each Black Box application security assessment, GDS can offer the following related services:

Strategic Partners

HP, Fortify Software

If you would like to learn more about having GDS conduct a Black Box test against your application, please email us for more information, or call your nearest GDS office.