Penetration Testing (White-box vs Black-box)

avatar
Created by
zara k

Cards (9)

  • Penetration testing
    A very important process when determining system security
  • Penetration testing process
    1. Simulating attack
    2. Finding weaknesses
    3. Attacking own system
    4. Trying to gain access without normal means
  • Penetration testing

    • Simulating an attack to find weaknesses
    • Pretending to come from an external source
  • Types of penetration tests
    • White box pen test
    • Black box pen test
  • White box pen test
    Simulates an inside attack where the attacker may have some knowledge of a system and basic credentials
  • Black box pen test
    Simulates an outside attack where the attacker has no real knowledge of the system and no credentials
  • Black box penetration testing is usually done by an external company
  • The company doing the black box penetration testing will review and report their findings to the client
  • If vulnerabilities are found, countermeasures will be implemented to try to fix them