I agree both black and whitebox testing should be used.
While white box testing will uncover more holes, blackbox testing
is a great way of first uncovering the obvious holes a kiddie, or
more experienced http hacker will find. Maybe starting off on a blackbox
testing for such obvious holes, then moving onto whitebox testing
would be the best way. This way your mind is looking at it from
both the point of view of the whitehat auditor and the blackhat
who wants to get into your system.

- zenocgisecurity.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]