Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

White Box, Gray Box, and Black Box Testing, Oh My

Black box testing

In speaking with many of our clients, MainNerve’s staff has fielded countless questions about the type of penetration testing and approach that will be used, such as black box testing.  Often, clients are uncertain of what they need for their business. We work with them to ensure we are providing the correct services. Our goal is to partner with and keep the clients’ needs first. We are geeks but don’t read minds; we leave that part up to the psychics.

Black Box

For some clients, black box testing simply means external penetration testing.  It’s a phrase often heard in movies, which aren’t always accurate. However, black box testing is an approach where an ethical hacker has no knowledge of the system being attacked.  The goal of black box testing is to simulate an external hacking or cyber warfare attack.   MainNerve would perform reconnaissance, which is often called Open Source Intelligence (OINST), on the company to obtain sensitive knowledge of the networks.  This may take days or weeks for knowledge gathering.  This of course places us in the same role as an unethical hacker.

While this may be more like a real-world attack, the cost will be much higher due to the time it takes gathering data and attempting to brute force a network.  Many clients feel they are getting the best test possible with this approach.  However, MainNerve would like to remind companies that they may be overlooking many vulnerabilities on devices a tester may not have found.  Some attackers will take months attempting to harvest credentials before they get lucky and get into a network.

Gray Box

However, at MainNerve we like to presume that given enough time, a malicious actor would be able to find everything a client owns.  Therefore, we suggest gray box testing instead of black box testing.  We can still test the external network or applications as if we had no knowledge.  Once we verify that we cannot penetrate the firewall(s), we would then have the IPs and URLs in scope to continue testing to ensure you get the best bang for your buck.

White Box

Now you might be asking about the white box testing.  Isn’t gray box testing enough?  White box, or sometimes called crystal box, means we have even more information, like network diagrams or topology of the network.  This is mainly used for PCI testing, as that requires 100% of the network be verified and segmentation checks conducted.  This is more costly for internal network penetration testing, as those devices reside behind a firewall and we will have to ensure one network cannot talk to another network.

If you aren’t sure what you need, we have non-nerds standing by ready and willing to translate ‘geek’ and help you figure it out.  We are your partners in this endeavor, so feel free to call an expert at – 833-847-3280.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903