Security through obscurity is no security at all. Obscurity does indeed add an extra level of protection and should not be ignored altogether. When creating an application, a vendor should follow all best practices to protect their application/code from “reverse-engineering, tampering, invasive monitoring, and intrusion” (Source: OWASP.org). OWASP calls this “Application Hardening and Shielding”. Read […]
Month: September 2019
Gray Box vs. Black Box vs. White Box Testing
The balance of white/black box security testing is a decision you will ultimately make based on your budget, risk concerns, internal policies, and possibly compliance requirements. This article is intended to help a client think through the benefits of white box testing and the downsides to full black box testing, as well as provide several […]