Learning Resources

Hacking Black box testing

Black box testing is simply a test design methodology. In web application black box testing, the application is treated as a whole: its internal logic, structure and source code are not examined, and the tester works only with what can be observed from the outside, namely requests and responses. A black box web application scanner typically checks whether the application, driven through its normal inputs, can be manipulated into exposing or altering data it should not, for example by reaching the database through injected input. Modern technology allows a great degree of automation, in effect reducing the manual work required to test web applications.

It is important to say reducing, and not minimizing or doing away with. As any security consultant will tell you, automation will never replace the intelligence and creativity of a human tester: a scanner can only test what it can reach and only recognise what it has a signature or heuristic for.

In general, automated scanners first crawl the entire website, analysing each file they find and mapping the site's structure. After this discovery stage, the scanner audits the site for vulnerabilities by launching a series of attacks, in effect emulating an attacker. It examines each page for places where data can be input (form fields, query parameters and the like) and then submits a battery of test inputs to each, checking the responses for signs of a flaw. Scanners check for vulnerabilities in the web server (on its open ports), in the web applications, and in the website content itself. The more robust products launch these attacks intelligently, using varying degrees of heuristics to choose and order payloads rather than firing every payload at every input. One practical caveat: pages the crawler cannot reach, such as those behind authentication or generated by client-side scripting the crawler does not execute, are never audited, so the crawl coverage should always be reviewed before trusting a scan result.
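To make the two stages concrete, here is an added example (not code from the original page or from any scanner product) of a minimal black box scanner in Python. It crawls a site, collects forms as input points, then audits each input with a few probes and checks the responses for a database error message or an unescaped reflection of the probe. The target is a constructed in-memory mock application: `PAGES`, `fake_request`, the hostname target.example and the error string are all assumptions made for the example; a real scanner would replace `fake_request` with actual HTTP calls.

```python
"""Minimal black box web scanner: crawl, then audit every discovered input."""
import html
import re
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for a live target: an in-memory "web app" whose search
# form leaks an SQL error and whose feedback page reflects its input unescaped.
PAGES = {
    "/": '<a href="/search">Search</a> <a href="/about">About</a> <a href="/feedback">Feedback</a>',
    "/about": "<p>Static content, no inputs.</p>",
    "/search": '<form action="/search" method="get"><input name="q"><input type="submit"></form>',
    "/feedback": '<form action="/feedback" method="post"><input name="msg"><input type="submit"></form>',
}


def fake_request(method, url, params):
    """Stand-in for an HTTP client (assumption): returns the body the mock app serves."""
    path = urlparse(url).path or "/"
    body = PAGES.get(path, "404 Not Found")
    if path == "/search" and "q" in params:
        q = params["q"]
        if "'" in q:  # mimics unescaped string concatenation into an SQL query
            return "500 Internal Server Error: You have an error in your SQL syntax near '" + q
        body += "<p>Results for " + html.escape(q) + ": none</p>"  # properly escaped
    if path == "/feedback" and method == "POST" and "msg" in params:
        body += "<p>Thanks: " + params["msg"] + "</p>"  # reflected without escaping
    return body


class PageParser(HTMLParser):
    """Collects links (for crawling) and forms with their inputs (for auditing)."""

    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.forms, self._form = base, [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action") or self.base),
                          "method": (a.get("method") or "get").upper(), "inputs": []}
        elif tag == "input" and self._form is not None and a.get("name") and a.get("type", "text") != "submit":
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def crawl(start, fetch=fake_request):
    """Discovery stage: breadth-first crawl of one host, returning (urls, forms)."""
    host = urlparse(start).netloc
    seen, queue, forms = set(), deque([start]), []
    while queue:
        url = queue.popleft()
        if url in seen or urlparse(url).netloc != host:
            continue  # stay in scope and never fetch a page twice
        seen.add(url)
        parser = PageParser(url)
        parser.feed(fetch("GET", url, {}))
        forms.extend(parser.forms)
        queue.extend(parser.links)
    return seen, forms


# Probes per vulnerability class and the response signatures that confirm them.
PAYLOADS = {
    "sqli": ["'", "' OR '1'='1"],
    "xss": ["<script>alert(1)</script>", '"><svg onload=alert(1)>'],
}
SQL_ERROR = re.compile(r"SQL syntax|ORA-\d{5}|unterminated quoted string|pg_query\(", re.I)


def audit(forms, fetch=fake_request):
    """Audit stage: inject each probe into each input and look for a signature."""
    findings = []
    for form in forms:
        for name in form["inputs"]:
            for kind, payloads in PAYLOADS.items():
                for payload in payloads:
                    params = {n: "test" for n in form["inputs"]}  # benign filler for the rest
                    params[name] = payload
                    body = fetch(form["method"], form["action"], params)
                    hit = SQL_ERROR.search(body) if kind == "sqli" else payload in body
                    if hit:
                        findings.append({"type": kind, "url": form["action"],
                                         "param": name, "payload": payload})
                        break  # one confirmed probe per class and input is enough
    return findings


if __name__ == "__main__":
    urls, found_forms = crawl("http://target.example/")
    print(f"crawled {len(urls)} pages, found {len(found_forms)} forms")
    for finding in audit(found_forms):
        print(finding)
```

The crawler only follows links on the same host and only parses static HTML, which is exactly the coverage limitation mentioned above: a form that appears only after JavaScript runs would never be audited. The audit confirms a finding by signature (an error string or a verbatim reflection), so a target that returns a generic error page would produce no SQL injection finding even if the flaw exists, which is why a human tester still reviews the raw responses.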