Safety inspection by Black Box and Gray Box testing
SERVICES
External perimeter testing without granted access
Black Box penetration testing
Black Box
Black Box testing is a method of testing a web resource in which its functionality is analyzed without examining the code or implementation details and without using information about its internal structure. This approach is very similar to a real cyberattack. However, because of its limitations, it makes it harder to detect vulnerabilities that require management access to find.
Advantages of the method
The method imitates the behavior of a user who has no information about the internal structure of the program. Black Box testing is used for functional, regression, usability, smoke and GUI testing.
Fast software diagnostics against functional specifications
Testing from the perspective of a user
Test cases can be prepared immediately after the specification is written
External and internal perimeter testing
Gray Box penetration testing
Gray Box
Gray Box testing is a method of testing a web resource in which its functionality is examined using non-public access or other non-public information. At this stage the specialists are given additional access rights, and non-public functionality is tested. The tests are based on information provided by the client (the algorithm, the architecture, the technical specifications of the assessed system, etc.).
Advantages of the method
The audit is more complete because additional information about the web resource and its detailed settings is disclosed to the auditors. The following kinds of testing can be performed with this method: functional, regression, matrix, usability, smoke, GUI, pattern and orthogonal array testing.
Possibility to design and run more complicated testing scripts
The method improves the time taken by functional and non-functional testing
Improved efficiency of the web-resource testing process
How does it work?
Defining the objectives
You present the list of applications to be tested
Identifying the vulnerabilities
We design scenarios of intruders' attacks on the client side and the server side, examining the exchange channels
Report generation
We describe the identified weaknesses and provide you with detailed recommendations for correction
Double check
After the correction plan has been applied, we carry out a follow-up audit