The Chief Information Security Officer (CISO) of a small, local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the lowest resource usage?
Black-box testing
Gray-box testing
Red-team hunting
White-box testing
Blue-team exercise
After in-depth analysis, the following points related to security have been observed:
1. The bank is local and thus would have fewer branches, which would in turn require fewer test cases.
2. The bank's requirement is just to get compliance from a third party; it means here the vulnerability is less severe.
3. The bank wants to engage fewer resources.
Considering the above-mentioned security aspects, black box testing would be ideal, as the tester would take less time to test the target system. Additionally, a black box tester would not require significant resources to test the system's vulnerability.
In summary, black box testing would be ideal in terms of lower resource usage and time savings, and at the same time would fulfill the compliance requirements.