In the first session of Penetration Testing we have given the basic concept of defining What is Penetration testing and benefits of the Pen test. Now our second section will cover about the Types of Penetration Testing in detail .
Three Types of Penetration Testing
Basically there are three types of Pen tests in existence . They are – White box Penetration Test , Black box Penetration Test and finally Grey box Penetration Test .
Black Box Penetration Test
First we will discuss about the Black box penetration testing and its features. Also about the merits and demerits involved in the black box penetration testing .
What is Black Box Penetration Testing ?
In Black box testing , the black box tester is not having any idea or knowledge about the internal source code or the internal structure . He is just like a hacker who doesn’t have any internal information about the system . He can do the pen test on the system with only the public information that is available .
The black box penetration testers are not given any information about the architectural diagrams that are not open to public visibility . Thus this kind of pen test will help in identifying the security flaws in the system that can be attacked by any of the external person with no knowledge of the internal data .
The black box tester will try to collect as much as information about the targeted network / System . The tester will not examine any of the codes . He will be aware about only the expected outcome not about how this outcome will arrive .
Advantages of Black Box Pen Testing
Now we will focus on the merits of back box pen testing / the advantages of Black box pen testing .
- A black box pen tester need not to be an expert , nor is necessary for him to have any knowledge about languages .
- Black box tested is supposed to verify the contradictions in the system.
- Black box testing usually takes place from the perspective of the user . It has nothing to do with the designer aspect .
Disadvantages of Black Box Testing
As we all know everything has its own merits as well as demerits .So here we will point out some of the disadvantages of the black box testing process.
- Difficulty in design is one of the drawback faced while conducting a black box pen test .
- In case if the designer has conducted the test , then the black box test will not be worth in actual .
Now on the Types of Penetration Testing , there are two more types left . Next we will focus on white box test .
White Box Penetration Test
The second Types of Penetration Testing is White box Penetration testing . We will discuss what is white box pen testing and its merits-demerits .
What is White Box Penetration Testing ?
In white box penetration test , the tester is given information about the system or its network . The white box tester is given idea about the source code , schema details , IP , OS and almost all necessary information needed . Its generally an attack from internal source itself .
White box penetration testing is also known by different names such as – open box testing , auxiliary and logic-driven testing , clear box test , glass box testing etc .
White box testing is straight opposite of black box test . Because here the tester has all necessary information regarding the architecture design , data , source codes etc . In White box penetration the pen tester will check path testing , data flow testing and loop testing . As well as he analyses the code coverage .
Advantages of White Box Pen Testing
Discussed below is the advantages of white box penetration testing .
- White box test can help in finding out the internal and external security vulnerabilities in a system / network.
- Ensuring all the independent paths of each module has been exercised.
- Verification of all the logical decisions by means of accessing their true or false value is ensured in white hat pen testing .
- Typographical errors can be found as well as there will be a syntax checking process .
- Can help in finding out the design errors that has risen due to the difference between actual execution and logical flow .
Disadvantages of White Box Testing
Focusing on the disadvantages of white box penetration test let’s discus it in brief –
- The tester has to sort out the flaws by knowing so much of internal information thus it might create some confusion as well .
- Have to go through a huge amount of data that is time consuming .
- They work on the basis of knowledge of system directly from the developer . A hacker will not have any idea about this information .So a white hat testers’s behaviour will be entirely different from that of a hacker who doesn’t’ have any idea about the system .
So that’s all about the white box testing , now we will focus on the next Types of Penetration Testing that is Gray box test .
Read Also : Penetration testing tutorial for beginners
Grey Box Penetration Testing
Now we will focus on the last session of Types of Penetration Testing . The third type of pen test is – Gray box penetration testing .
What is Grey Box Penetration Testing ?
Grey box pen testing is type of pen testing where the tester will generally provide partial information regarding the internal system or network .
This generally works like an external attack by the tester who has some kind of access to the internal system / network infrastructure .
Advantages of Grey Box Pen Testing
Let us take a look at the advantages of grey box testing –
- In this there is difference between the tester and developer so the chances of personal conflict is absent .
- Doesn’t require access to the source code .
- Doesn’t have to supplement them with knowledge of internal info about program functions etc .
Disadvantages of Grey Box Testing
Now let us take a look at the disadvantages of grey box pen test –
- Grey box testers might miss out some of the vulnerabilities due to lack of idea about the source code .
- For algorithm testing , grey box testing is proven to be not ideal .
- Grey box pen test can be time consuming in its nature .
Hope this section of Penetration Testing tutorial have given all our readers a clear idea about the Types of Penetration Testing .
0 comments