Approaches to pentesting

There are three types of approaches to pentesting:

  • Black-box pentesting follows non-deterministic approach of testing
    • You will be given just a company name
    • It is like hacking with the knowledge of an outside attacker
    • There is no need of any prior knowledge of the system
    • It is time consuming
  • White-box pentesting follows deterministic approach of testing
    • You will be given complete knowledge of the infrastructure that needs to be tested
    • This is like working as a malicious employee who has ample knowledge of the company's infrastructure
    • You will be provided information on the company's infrastructure, network type, company's policies, do's and don'ts, the IP address, and the IPS/IDS firewall
  • Gray-box pentesting follows hybrid approach ...

Get Python: Penetration Testing for Developers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial