24 lines
1.2 KiB
XML
24 lines
1.2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section id="crystalboxing">
|
|
<title>The Crystal-Box Pentesting Method</title>
|
|
<p>
|
|
Crystal-box vs. black-box pentesting refers to the amount of information
|
|
about the target environment, architecture, and/or applications the customer
|
|
initially shares with the pentesters. With black-box testing, pentesters are
|
|
given no information whatsoever about the target(s). With crystal-box
|
|
testing, pentesters are given all information requested about the target(s),
|
|
including source-code (when relevant), access to developers or system
|
|
management, etc.
|
|
</p>
|
|
<p>
|
|
<company_short/>
|
|
will conduct crystal-box pentesting, which is the preferred method. Unlike
|
|
real-world attackers who have all of the time in the world, penetration
|
|
testing tends to happen within a limited time frame. Crystal-box pentesting
|
|
allows us to make the most efficient use of the time allotted, thus
|
|
maximizing the number of vulnerabilities that can be found. Additionally
|
|
crystal-box pentesting fits naturally hand-in-hand with the "Peek Over Our
|
|
Shoulder" option that <company_short/> offers to <client_short/>.
|
|
</p>
|
|
</section>
|