This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
Hello Everyone ,
We are in n the process of selecting a vendor for Vulnerability Assessment and Penetration Testing of our web applications and APIs. We have a few questions that we'd like to get the community's input on before making a decision:
Do you typically ask potential VAPT vendors about the specific tools they plan to use in their technical proposal? If so, what are some key tools we should expect them to mention?
Between white-box, grey-box, and black-box testing, which do you find most effective for web applications and APIs?
Is it better to have the VAPT vendor conduct tests on-site or remotely? What are the security implications of each approach?
Thanks in advance
Subreddit
Post Details
- Posted
- 5 months ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/AskNetsec/c...