Penetration Testing Types
Classifications of security testing by tester knowledge level: black box, white box, and grey box.
Also: black box test · white box test · grey box test
Definition
Penetration testing is classified by the level of information provided to testers. Black-box testing simulates external attackers with no prior knowledge of systems. White-box testing provides testers full access to source code, architecture, and credentials for comprehensive assessment. Grey-box testing gives partial information, mimicking an insider threat or compromised account scenario. Each approach reveals different vulnerability categories and is chosen based on testing objectives, time constraints, and risk tolerance.
Example
“Before launching a financial services platform, the company hired a security firm to conduct white-box penetration testing with access to source code and architecture diagrams, enabling testers to identify authentication bypass vulnerabilities in the authorization logic.”
Synonyms
- pen test classification
- security test types
- offensive testing approaches
Related Terms
- penetration-testing
- social-engineering
- intrusion-detection
- zero-day
