Approaches to pentesting

There are three types of approaches to pentesting:

  • Black-box pentesting follows non-deterministic approach of testing
    • You will be given just a company name
    • It is like hacking with the knowledge of an outside attacker
    • There is no need of any prior knowledge of the system
    • It is time consuming
  • White-box pentesting follows deterministic approach of testing
    • You will be given complete knowledge of the infrastructure that needs to be tested
    • This is like working as a malicious employee who has ample knowledge of the company's infrastructure
    • You will be provided information on the company's infrastructure, network type, company's policies, do's and don'ts, the IP address, and the IPS/IDS firewall
  • Gray-box pentesting follows hybrid approach of black and white box testing
    • The tester usually has limited information on the target network/system that is provided by the client to lower costs and decrease trial and error on the part of the pentester
    • It performs the security assessment and testing internally
本周热推:
Python深度学习与项目实战Java Web程序设计Processing互动编程艺术JavaScript入门经典(第7版)Java Web动态网站开发(第2版·微课版)
上一章目录下一章