Approaches to pentesting
There are three types of approaches to pentesting:
- Black-box pentesting follows non-deterministic approach of testing
- You will be given just a company name
- It is like hacking with the knowledge of an outside attacker
- There is no need of any prior knowledge of the system
- It is time consuming
- White-box pentesting follows deterministic approach of testing
- You will be given complete knowledge of the infrastructure that needs to be tested
- This is like working as a malicious employee who has ample knowledge of the company's infrastructure
- You will be provided information on the company's infrastructure, network type, company's policies, do's and don'ts, the IP address, and the IPS/IDS firewall
- Gray-box pentesting follows hybrid approach of black and white box testing
- The tester usually has limited information on the target network/system that is provided by the client to lower costs and decrease trial and error on the part of the pentester
- It performs the security assessment and testing internally
