What is Black Box testing?

Black box testing is the process of simulating a skilled attack, using the techniques and tools aimed to detect security vulnerabilities and exploit them.

Our experts will simulate a real attack on the application. The testing process covers a wide-range of application-level vulnerabilities as defined by OWASP and WASC, targeting potentially harmful vulnerabilities in your application.

The testing process will reveal the vulnerabilities, potential exploitation damage and severity.

The detailed report you receive will include recommendations that will assist you in securing your systems and protecting your companies' assets and integrity.

Vulnerabilities covered:

All application level vulnerabilities will be covered in the context of a Black Box test. Specifically, the testing methodologies used are OWASP and WASC, which provides full coverage over application level vulnerabilities. Some of the covered attacks:

	SQL Injection – taking control over the database
	Hidden Backdoors – used by attackers to easily infiltrate the system over and over
	Cross-site Scripting – injecting malicious code to innocent users browsers
	Cross-site Request Forgery – impersonating an innocent user and performing actions in his name
	Bypassing Authentication – taking over users and administrators accounts
	Authorization Breaches – doing unauthorized actions and access unauthorized information
	Bypassing Crypto – viewing confidential and private info by unauthorized people
	Open Redirects – an open door to phishing attacks and scams
	Command Injection – injecting commands to a remote server and taking over
	Forceful Browsing – bypassing restrictions and doing unauthorized actions
	Bypassing Business-Logic Restrictions – doing application-specific actions that are not authorized by the company's regulations
	LFI/RFI – injecting malicious code to a vulnerable application
	Denial of Service – making the application not available to remote users

And many more other vulnerabilities that can damage your company…