Over the last few years, the complexity of web applications has increased significantly.

Where dedicated fat client applications were used in the past, today "single page web applications" are often developed that communicate with the backend servers via REST APIs or websockets.

The presentation shows the advantages of a full disclosure of source code, infrastructure and architecture compared to a black or grey box pentest and how the testing methodology differs from a code review.