WHAT IS WHITE BOX TESTING?
White box testing is an approach where the penetration tester is given access to source code, architecture and detailed design documentation, allowing holistic examination and identification of vulnerabilities in applications, networks, devices, products and other systems.
This “full knowledge” approach allows for an in-depth assessment of potential attack paths or ways to maliciously subvert the intended functionality and implementation of the systems being tested. Context will typically work alongside your development teams to help them think like an attacker and find ways to exploit any potential vulnerabilities, while also providing root cause analysis to guide future secure development efforts and practices.
BENEFITS OF WHITE BOX TESTING:
- Maximizes the value and efficiency of testing time
- Knowledge transfer between development teams and penetration testers, allowing identification of vulnerabilities that might not be discovered using black box or gray box methodologies
- Testing based on a threat model specific to the system and technology being reviewed