The project need to be finished by black hat .
1. The requirements of the actual use of hacking attacks on the site of the non-destructive nature of the site of the offensive test, the main analysis includes information collection class, configuration management class (HTTP method testing, information disclosure, etc.), authentication class (user enumeration, Password verification, password reset test, etc.), session class (cookie test, session fixed test, etc.), authorization class (URL override, path traversal, business logic, file download test, etc.), data validation class (SQL injection, cross station Scripting, code injection, URL jump, file upload test, etc.), system application vulnerabilities and other content testing and [login to view URL] are better of a black hat
2. Use the Business Security Assessment Tool to exploit vulnerabilities within the scope of the assessment target and verify vulnerabilities such as Web application vulnerabilities, host operating system vulnerabilities, database vulnerabilities, weak passwords, information disclosure, and improper configuration