Basically, there are 3 types of penetration testing: white box, black box and gray box.
White Box Testing
White box testing is when the testing team has access to network diagrams, asset records and other useful information. This method is used when time is of the essence, when budgets are tight and when the number of authorized hours is limited. This type of testing is the least realistic in terms of what an attacker may do.
Black Box Testing
Black box testing is when there is absolutely no information given to the penetration testing team. In fact, using this method of testing, the penetration testing team may only be given the company name. Other times, they may be given an IP range and other parameters to limit the potential for collateral damage. This type of testing most accurately represents what an attacker may do and is the most realistic.
Gray Box Testing
Gray box testing is, you guessed it, somewhere in between white box testing and black box testing. This is the best form of penetration testing, where the penetration testing team is given limited information and only as required. So, as they work their way from the outside in, more access to information is granted to speed the process up. This method of testing maximizes realism while remaining budget friendly.