Introduction
A penetration test may be performed using different approaches called black, grey, and white box. Black box is when the testing team doesn't have any previous information about the application to test except the URL of the server; white box is when the team has all information about the target, its infrastructure, software versions, test users, development information, and so on; and gray box is a point in between.
For both black and gray box approaches, a reconnaissance phase, as we saw in the previous chapter, is necessary for the testing team to discover the information that could be provided by the application's owner in a white box approach.
Continuing with the reconnaissance phase in a web penetration test, we will need ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access