The document discusses methodologies for assessing application security, including both blackbox and whitebox approaches. It outlines challenges with each approach, such as difficulty discovering all application assets and endpoints with blackbox testing. Whitebox testing is presented as able to more fully cover the application scope by analyzing source code directly. The document also covers specific challenges for assessing web 2.0 applications and services.