Emulating an external attacker without prior knowledge of the application's internal structures and workings