Yousif_at_Vapt-Sec.com wrote:
>
> Let's say a client wants an internal assessment. In this
> example, perhaps they don't want to securely send code or
> files to be reviewed and secured. More than one person is
> on the job, how can we do this remotely in real-time in
> any other way with full control of the system if there's
> more than person? -- What software exactly?
Not quite sure what you mean, but a "white box" test is one
with full information. If they don't let you have access to
the source code somehow, then it's not a white box test. For
the latter, doesn't matter if they send you a copy, or if you
log into a server of theirs which has the source code set up.
On the other hand you could do an internal test - in a sense
- which was not a white box test, if they want you to test
from inside their firewall.
Shouldn't be any problems for more than one person to review
how the system works, but if you're going to try to break it
you need to exactly how much disruption your client is
prepared to put up with. And make sure you are starting with
a contract which explicitly states what you're going to do.
cheers,
--
www.systemstates.net - penetration test / IDS / incident response
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on Jul 07 2008
Intro
