.: services
|
|
.: penetration testing
White, Black, or Gray... which is for me?
There are multiple ways to test the perimeter
security of a network. Those are white box, gray box, and
black box penetration testing. Wether its from regulatory
or industry pressure we work with our clients in scoping the
engagement to best suite your environment.
A white box test consists of testing where
all applicable information is known about the system or systems
we are testing. Things such as IP addresses, applications,
service versions, etc. are shared with us up front. Typically
this is the least costly type of penetration test. However,
it does not give an accurate representation of a real world
attack.
A gray box test consists of testing where limited information
about the systems being tested is shared such as IP addresses,
target locations, etc. This is usually the most cost effective
type of test. It gives a real world representation of an attempted
"hack" without the high costs.
A black box test consists of testing that most accurately
reflects a real world targeted attack by an external threat
source. This type of test is a gloves off approach. Virus’,
physical penetration, application penetration, wireless attacks,
and social engineering are some of the attack vectors that
can and will be utilized in a black box test. This is a true
life test of incident preparedness and response.
|
