Gray Box Penetration Testing

Vulnerabilities Covered

Gray Box test provides a full, comprehensive test which results in a hybrid between finding vulnerabilities which are relevant for both White Box test and a Black Box test. The testing methodologies are OWASP and WASC methodologies which cover wide-range of application security vulnerabilities. Some of the covered vulnerabilities:

• SQL Injection – taking control over the database
• Hidden Backdoors – used by attackers to easily infiltrate the system over and over
• Cross-Site Scripting (XSS) – injecting malicious code into innocent user’s browsers
• Cross-Site Request Forgery (CSRF) – impersonating an innocent user and performing actions in his name
• Bypassing Authentication – taking over users and administrators accounts
• Authorization Breaches – performing unauthorized actions and accessing unauthorized information
• Bypassing Crypto – viewing of confidential and private info by unauthorized people
• Open Redirects – an open door to phishing attacks and scams
• Command Injection – injecting commands to a remote server and taking over
• Forceful Browsing – bypassing restrictions and perfoming unauthorized actions
• Bypassing Business-Logic Restrictions – performing application-specific actions that are not authorized by the company’s regulations
• LFI/RFI – injecting malicious code to a vulnerable application
• Denial of Service – making the application unavailable to remote users