Approaches to pentesting

There are three types of approaches to pentesting:

• Black-box pentesting follows a non-deterministic approach of testing:
  • You will be given just a company name
  • It is like hacking with the knowledge of an outside attacker
  • You do not need any prior knowledge of the system
  • It is time-consuming
• White-box pentesting follows a deterministic approach to testing:
  • You will be given complete knowledge of the infrastructure that needs to be tested
  • This is like working as a malicious employee who has ample knowledge of the company's infrastructure
  • You will be provided information on the company's infrastructure, network type, company's policies, do's and don'ts, the IP address, and the IPS/IDS firewall
• Gray-box pentesting follows a hybrid approach of black-box and white-box testing:
  • The tester usually has limited information on the target network/system that is provided by the client to lower the costs and decrease trial and error on the part of the pentester
  • It performs the security assessment and testing internally