When I was reading through the OWASP ASVS 4.0 PDF a few weeks ago, I was stopped in my tracks as early as page 10. Specifically by the following quotes :
"Black box testing is not effective assurance and must stop."
"Over the last 30+ years, black box testing has proven over and over again
to miss critical security issues that led directly to ever more massive breaches."
Now, let me preface this with the clarification that this post is not an attack…