Full session (30 minutes)
security
hacking
Red teaming, pentesting, white box testing – many definitions and even more ways to conduct these tests, but how do they help in the ultimate decision of whether the product requires additional investment? This paper will take a deep dive into a real attack executed by a red team against a multi-layer product. All the cool hacks leading from the XML-RPC interface to root access act as a mere excuse for discussing:
- where the different tests fail and succeed in finding vulnerabilities
- what the tests tell us about risk estimation
- how to achieve actionable results
- how to benefit from the reported results