Penetration tests based on the Black Box method are essentially a simulation of penetration attempts that is as authentic as possible. The specialists performing these tests have no prior knowledge of the system being evaluated: not of the infrastructure protecting the application, not of the application itself, and not of its source code.
As opposed to the previous testing method, tests performed in accordance with the White Box method are carried out when the experts performing the tests are familiar with the internal characteristics of the system under evaluation – from both application and infrastructure aspects.
Tests performed according to the Gray Box method combine the White Box and Black Box methods. The organization chooses which data to give the experts conducting the tests, so that testing begins from the best starting point, based on different pieces of information about the network and the application. Some experts regard this method as the most legitimate, since many hackers are exposed to a great deal of information about the infrastructure of the organization they are attempting to attack anyway, from economic and technological publications and from sales data they manage to acquire.
Additionally, in many cases, the organization is interested in exposing only partial information; tests performed according to the Gray Box method will meet this preference.
Application code review makes it possible to find all the information security problems in a comprehensive and accurate manner. By reviewing the code of functions and objects, the specialist performing the test can identify information security deficiencies and locate problems that are more difficult to identify when carrying out regular penetration tests.
BugSec's experts have performed a large number of code reviews in Web environments, cellular device applications, server/client applications, Gateway applications for screening content, etc.
Code reviews form a layer of the White Box testing method, in which the system code is exposed to the BugSec experts performing the test. Code review services may save the organization a great deal of money at later stages. Professional support from an information security expert while the application is being written, together with scanning the code during the early stages, leads to the precise identification of information security deficiencies in the code. These are much easier to repair during the early stage of development than in later stages, when the cost of modifications is ten times higher than that of modifications made in the early stages, as revealed by researchers.