[WEB SECURITY] FW: What's the Difference; PEN Testing and Black Box Testing?

Susan Smoter spire20707 at verizon.net
Fri May 9 20:13:07 EDT 2008

I've been on this list for some time and I find it very helpful.  Now I'd
like some help.  I have seen the terms PEN Testing and Black Box Testing
used interchangeably, but I think they are or can be different types of
tests.  Seems that black box tools can be used by developers to eliminate coding
issues and to validate false positives from white box/static testing, while
PEN testing would only attempt to "break and enter" without necessarily
providing coders with info about fixing the identified vulnerabilities.  If
I've got this correct, then I'd like to find a better set of terminologies
to use to differentiate between security testing done in the SDLC phases
and that done in preparation for application deployment.


Thanks for some clarification - I'm working on establishing Application
Vulnerability Management and am having difficulty getting everyone on the
same page due to overlapping semantics.


