Security testing can be conducted using two approaches:
- Black-box
This means the ethical hacker has no prior knowledge of or information about the system. This simulates true web hacking, beginning with nothing but the company name. From here, the ethical hacker gathers information about the network and the business from as many outside sources as possible.
- White-box
This means the ethical hacker has complete knowledge of the network infrastructure to be tested. This helps the ethical hacker adopt a structured and formal approach. However, a good ethical hacker will also test the validity of the information provided initially, rather than work under the assumption that it is true.
If money and time are constraints, black-box testing may not be the best option. This is where the organization may consider internal testing.
All forms of security testing can be of value to the organization; however, it is up to the organization to decide what works best in its interest under the given circumstances. A black-box test may highlight how supposedly confidential information is leaked. A white-box test is likely to dedicate more time to probing for vulnerabilities and will address the security of all external connections.