Black Box Vs. White Box
Penetration tests can be conducted in several ways. The most common difference is the amount of knowledge of the implementation details of the system being tested that are available to the testers. Black box testing assumes no prior knowledge of the infrastructure to be tested. The testers must first determine the location and extent of the systems before commencing their analysis. At the other end of the spectrum, white box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. There are also several variations in between, often known as grey box tests. Penetration tests can also be described as "full disclosure" (white box), "partial disclosure" (grey box), or "blind" (black box) tests based on the amount of information provided to the testing party.
The relative merits of these approaches are debated. Black box testing simulates an attack from someone who is unfamiliar with the system. White box testing simulates what might happen during an "inside job" or after a "leak" of sensitive information, where the attacker has access to source code, network layouts, and possibly even some passwords.
The services offered by penetration testing firms span a similar range, from a simple scan of an organization's IP address space for open ports and identification banners to a full audit of source code for an application.
Read more about this topic: Penetration Test
Famous quotes containing the words black box, black, box and/or white:
“A black boxer’s career is the perfect metaphor for the career of a black male. Every day is like being in the gym, sparring with impersonal opponents as one faces the rudeness and hostility that a black male must confront in the United States, where he is the object of both fear and fascination.”
—Ishmael Reed (b. 1938)
“A terrible, beetle-browed, mastiff-mouthed, yellow-skinned, broad-bottomed, grim-taciturn individual; with a pair of dull-cruel-looking black eyes, and as much Parliamentary intellect and silent-rage in him ... as I have ever seen in any man.”
—Thomas Carlyle (1795–1881)
“Such as boxed
Their feelings properly, complete to tags
A box for dark men and a box for Other
Would often find the contents had been scrambled.”
—Gwendolyn Brooks (b. 1917)
“I don’t have any doubts that there will be a place for progressive white people in this country in the future. I think the paranoia common among white people is very unfounded. I have always organized my life so that I could focus on political work. That’s all I want to do, and that’s all that makes me happy.”
—Hettie V., South African white anti-apartheid activist and feminist. As quoted in Lives of Courage, ch. 21, by Diana E. H. Russell (1989)