Black Box Vs. White Box
Penetration tests can be conducted in several ways. The most common difference is the amount of knowledge of the implementation details of the system being tested that are available to the testers. Black box testing assumes no prior knowledge of the infrastructure to be tested. The testers must first determine the location and extent of the systems before commencing their analysis. At the other end of the spectrum, white box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. There are also several variations in between, often known as grey box tests. Penetration tests can also be described as "full disclosure" (white box), "partial disclosure" (grey box), or "blind" (black box) tests based on the amount of information provided to the testing party.
The relative merits of these approaches are debated. Black box testing simulates an attack from someone who is unfamiliar with the system. White box testing simulates what might happen during an "inside job" or after a "leak" of sensitive information, where the attacker has access to source code, network layouts, and possibly even some passwords.
The services offered by penetration testing firms span a similar range, from a simple scan of an organization's IP address space for open ports and identification banners to a full audit of source code for an application.
Read more about this topic: Penetration Test
Famous quotes containing the words white box, black, box and/or white:
“The villagers are untying their disguises, they are shaking hands.
Whose is that long white box in the grove, what have they
accomplished, why am I cold?”
—Sylvia Plath (1932–1963)
“The white American man makes the white American woman maybe not superfluous but just a little kind of decoration. Not really important to turning around the wheels of the state. Well the black American woman has never been able to feel that way. No black American man at any time in our history in the United States has been able to feel that he didn’t need that black woman right against him, shoulder to shoulder—in that cotton field, on the auction block, in the ghetto, wherever.”
—Maya Angelou (b. 1928)
“A Cherokee is too smart to put anything in the contribution box of a race that’s robbed him of his birthright.”
—Howard Estabrook (1884–1978)
“The Enormous Room seems to me to be the book that has nearest approached the mood of reckless adventure in which men will reach the white heat of imagination needed to fuse the soggy disjointed complexity of the industrial life about us into seething fluid of creation. There can be no more playing safe.”
—John Dos Passos (1896–1970)