An information security audit is a systematic process for obtaining objective qualitative and quantitative assessments of the current state of a site's information security against defined criteria and security indicators.
A black-box security audit of a website consists of the following stages:
— Searching for vulnerabilities within the previously agreed scope (the testing area) of the site. This may be a specific list of subdomains or ports, or only the personal account area of your web application;
— Exploiting the vulnerabilities found;
— Compiling a list of recommendations for fixing the bugs;
— Preparing a detailed report of the vulnerabilities that were detected;
— After the company's developers have fixed the vulnerabilities, the patches are verified and an attempt to bypass the protection is made (at the customer's request).
— CWE/SANS TOP 25 Most Dangerous Software Errors;
— OWASP TOP 10 project.
You can familiarize yourself with them via the following links: