Black Box Application Testing
The objective of a Black Box Application Security Review is to gauge the threat of both unauthorized outsiders and legitimate users compromising application security controls. This type of review is the most time-effective method to gauge an application's exposure to real-world attack scenarios.
The GDS Black-Box methodology combines manual and automated dynamic security testing techniques, proprietary application security directives (ASDs), and the use of premier proprietary and commercial dynamic assessment tools in a consistent and repeatable process.
Testing is performed from all user perspectives, from anonymous users through legitimate application users of all privilege levels. Custom "proof-of-concept" exploits are developed to demonstrate how select high-risk vulnerabilities can be used to compromise application security. This approach allows GDS to systematically identify potential security exposures and illustrate the associated risk to the application and business stakeholders.
GDS delivers a detailed and comprehensive report at the conclusion of each security assessment. All GDS reports are highly customizable depending on requested reporting requirements and typically include an executive summary, detailed technical findings and recommendations, and illustrative walkthroughs of all exploitation steps performed.
At the end of each Black Box application security assessment, GDS can offer the following related services:
- Regression testing of all items identified during the assessment
- Vulnerability Remediation Assistance and Project Management
- Source Code Review
- Custom Secure Application Development Training