by sheldorr
2950 days ago
Security consultancies will usually do whatever the client asks for, or try and cater exactly for their needs. This may result in either a white box attack or black box. Usually the test will be done at a fixed price, with a fixed scope (what they are/aren't allowed to test). The result of this will usually be a report detailing the vulns, along with recommended fixes/remediations and sometimes a 'post-fix test' to check if the company has successfully remediated the issues. White box testing tends to look at the system/application from an internal-looking-out perspective, whereas black box is an outside-in view. The benefit of white box is a very thorough assessment of the system, but this will be time-consuming and expensive. Black box, on the other hand, can simulate the likely attacks from an adversary and sometimes be relatively quick, dependent on the system's attack surface. Hope this helps.