This article is part of the new OWASP Testing Guide v4.
Description of the Issue
Black Box testing and example
How to test using black box approach.
Gray Box testing
- HTML5 Rocks - Introducing WebSockets: Bringing Sockets to the Web: http://www.technicalinfo.net/papers/CSS.html
- W3C - The WebSocket API: http://dev.w3.org/html5/websockets/
- IETF - The WebSocket Protocol: https://tools.ietf.org/html/rfc6455
- OWASP Zed Attack Proxy (ZAP): https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
ZAP is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and, as such, is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.