Before a web application assessment can take place, Black Hat Defense defines a clear scope of the client. Open communication between Black Hat and the client organization is encouraged at this stage to establish a comfortable foundation from which to assess.​

• Determine which of the organization’s applications or domains  are to be scanned/tested

• Make exclusions from the assessment known (specific pages/subdomains)

• Decide on the official testing period and confirm time zones.

At this stage, we incorporate automated scripts and tools, among other tactics in more advanced information gathering. Our engineers closely examine any possible attack vectors. The gathered information from this stage will be the basis for our exploitation in the next phase.

• Enumerating directories/subdomains

• Checking cloud services for possible misconfigurations

• Correlating known vulnerabilities with the application and relevant services

Reporting is the final stage of the assessment process. Our analysts aggregate all obtained information and provide the client with a thorough, comprehensive detailing of our findings. The report begins with a high-level breakdown of the overall risk, highlighting both strengths and weaknesses in the application’s protective systems and logic. We also include strategic recommendations to aid business leaders in making informed decisions regarding the application. Further into the report, we break down each vulnerability in technical detail, including our testing process and remediation steps for the IT team, making for a simple remediation process. We go to great lengths to ensure each report is both explicit and easy to navigate.

Black Hat Defense engineers collect as much information as they can on the target, employing a myriad of OSINT (Open Source Intelligence) tools and techniques. The gathered data will help us to understand the operating conditions of the organization, which allows us to assess risk accurately as the engagement progresses. Targeted intelligence might include:

• PDF, DOCX, XLSX, and other files leaked by Google​

• Previous breaches/credential leaks

• Revealing forum posts by application developers

• Exposed robots.txt file

With careful consideration, we begin to attack vulnerabilities found within the webapp. This is done cautiously to protect the application and its data, while still verifying the existence of discovered attack vectors. At this stage, we may perform attacks such as:

• SQL injection and/or Cross-Site Scripting

• Employing breached credentials and brute force tools against authorization mechanisms

• Monitoring web app functionality for insecure protocols and functions

Additionally, upon client request, we may review an assessment after the client organization has patched vulnerabilities. We will ensure changes were implemented properly, and the risk has been eliminated. The previous assessment will be updated to reflect the more secure state of the application.