Home ⤏ BLACK-BOX TESTING
What is Black Box Testing?
Black box testing is the process of simulating a skilled attack, using the techniques and tools aimed to detect security vulnerabilities and exploit them.
Broken Cipher experts will simulate a real attack on the application. The testing process covers a wide range of application-level vulnerabilities as defined by OWASP, targeting potentially harmful vulnerabilities in your application.
The testing process will reveal the vulnerabilities, potential exploitation damage and severity.
The detailed report you receive will include recommendations that will assist you in securing your systems and protecting your companies’ assets and integrity.
Vulnerabilities Covered
All application level vulnerabilities will be covered in the context of a Black Box test. Specifically, the testing methodology used is OWASP, which provides full coverage over application level vulnerabilities. Some of the covered attacks:
- SQL Injection – taking control over the database
- Hidden Backdoors – used by attackers to easily infiltrate the system over and over
- Cross-site Scripting – injecting malicious code to innocent user browsers
- Cross-site Request Forgery – impersonating an innocent user and performing actions in his name
- Bypassing Authentication – taking over user and administrator accounts
- Authorization Breaches – performing unauthorized actions and accessing unauthorized information
- Bypassing Crypto – viewing confidential and private information by unauthorized people
- Open Redirects – an open door to phishing attacks and scams
- Command Injection – injecting commands to a remote server and taking over
- Forceful Browsing – bypassing restrictions and performing unauthorized actions
- Bypassing Business-Logic Restrictions – performing application-specific actions that are not authorized by the company’s regulations
- LFI/RFI – injecting malicious code to a vulnerable application
- Denial of Service – making the application unavailable to remote users
Penetration Testing
Social Engineering
Web Application Testing
Infrastructure Testing
– External PenTest
– Internal PenTest