A penetration test can be classified into three models with regard to the information base made available to the penetration tester: whitebox, greybox and blackbox.

Black Box Pentest

In a black box pentest, the pentester receives only minimal information about their actual target. This is intended to simulate the attack of a malicious hacker as closely as possible. The pentester only knows the company to be attacked, he has to find out all other information such as IP addresses or DNS entries himself. At the end you get the insight of how far a real attacker would have gotten in the same time spent.

White Box Pentest

The white box pen test is the opposite of the black box pen test: Here a penetration tester receives all potentially helpful information. This includes, for example, documentation about the IT systems or the source code of the applications to be tested. The information basis corresponds most closely to that of an internal employee who already has too much access to various areas of IT in the company.

Grey Box Pentest

A compromise between white box and black box pentest that is good in practice and often carried out is the grey box pentest. The pentester receives all the information that he could find out himself anyway, such as IP addresses and DNS entries. However, no comprehensive documentation or source code. If he encounters a problem where it would be helpful, for example, to know which database is being used in the background, he will get this information. The aim here is to make his work efficient as possible in order to be able to identify as many weak points and entry points as possible within the time invested for the pentest itself.

Last modified: Nov. 15, 2022

binsec GmbH
binsec GmbH is a consulting firm for information security and was founded in 2013 by security experts. Our team consists of experienced, certified specialists with different areas of expertise. Due to our extensive expertise in many different IT security fields, we can support our customers with a wide array of issues. Most of our customers are medium-sized companies, for whom security is pivotal to success.