Black Box / White Box

Posted by jmls on 05-Oct-2012 14:36

I have been asked to start considering developing a web-based customer frontend for our application.

That doesn't faze me.

What does is that the application database has over 1.5m customer records and I *really* don't want to be in the chair if some bugger manages to hack into the system.

I want to put together a prototype and get someone to do some black box / white box testing to see how robust the architecture is.

So, to the question(s)

a) how do you handle customer security ?

username / password ?


certificates ?

otp ?

b) do you know of a reputable organisation that handles this sort of test ? I quite obviously don't want to hire someone I found on the net, who says "yeah, it's all ok", only to hack into the systems later because he knows all the weaknesses

c) what sort of software do you use ?

http server




many thanks !

All Replies

Posted by jmls on 16-Oct-2012 14:04


No-one ? Or is it all secret sauce stuff ?

Posted by gamberoni on 26-Oct-2012 07:45

In the past we have used:

NCC GROUP SECURE TEST Penetration and Security Testing

NCC Group plc Manchester Technology Centre, Oxford Road, Manchester, M1 7EF


This thread is closed