Also known as external penetration testing, in a black box test, the tester is given little to no information regarding the IT infrastructure of your business (perhaps only the name of the company). The main benefit of this test is to simulate a real-world cyber attack where the tester assumes the role of an uninformed attacker. This is often suited for a mature environment where processes for vulnerability identification and remediation are already in place.


Also known as internal penetration testing, in a white box test, the tester has full knowledge and access to your company’s source code and environment. The goal of the test is to conduct an in-depth security audit of your business’s system. In addition, a white box text can target specific concerns such as new features in an application or new segments of a network


This is a combination of black box and white box testing techniques. The tester is provided with partial knowledge of the system such as low-level credentials, logical flow charts, and specific hosts or networks. The key purpose is to find potential code and functionality issues. The grey box test presents a good idea of what a targeted attack may look like, without requiring the tester to spend significant time collecting information.