Attacks and tests
List of attacks and tests performed during penetration testing
In addition to the automatic and manual tools used to carry out a full, comprehensive Black Box test, the auditor has another tool: access to the system’s internal structures and code. A Gray Box test is a Black Box test, in which an auditor simulates a real, skilled attacker, combined with a White Box test, in which a highly experienced auditor looks for insecure code that can put the application in jeopardy.
A Gray Box test provides a full system inspection, from both the developer’s perspective and a real malicious hacker’s perspective. It provides full coverage of a wide variety of vulnerabilities and enumerates all potential risks to a given system.
A Gray Box test is a full, comprehensive test: a hybrid that finds the vulnerabilities relevant to both a White Box test and a Black Box test. The testing follows the OWASP and WASC methodologies, which cover a wide range of application security vulnerabilities. Some of the covered vulnerabilities: