Welcome to the repository for our Whitebox Security Assessment Methodology. This document serves as an in-depth guide designed specifically for security champions and application security (AppSec) engineers. The goal is to provide a structured approach to conducting whitebox security assessments of applications within your organization. This methodology outlines all necessary steps to achieve the most effective security testing results, ensuring thorough examination and improvement of your application's security posture.
This repository houses a methodology document that guides you from the initial setup to the detailed execution of a whitebox security assessment. It assumes that you have already completed the preliminary steps: obtaining multiple user accounts with varying privileges, which is essential for testing for IDOR (Insecure Direct Object References) and authorization bypasses, and securing full access to the application's codebase and operational documentation.
Before you dive into the detailed testing methodology, ensure the following prerequisites are met:
This document is crafted for:
We welcome contributions to enhance and expand this methodology. If you have improvements or additional strategies, please contribute via pull requests or issues. You can find the repository HERE
This project is licensed under Apache 2 - see the file for details.