{"id":4774,"date":"2022-05-25T21:28:25","date_gmt":"2022-05-25T19:28:25","guid":{"rendered":"https:\/\/www.sec4you.com\/?p=4774"},"modified":"2022-11-06T09:38:15","modified_gmt":"2022-11-06T08:38:15","slug":"comparison-blackbox-test-whitebox-test-graybox-test","status":"publish","type":"post","link":"https:\/\/www.sec4you.com\/en\/comparison-blackbox-test-whitebox-test-graybox-test\/","title":{"rendered":"Com\u00adpa\u00adri\u00adson: Black\u00adbox Test, White\u00adbox Test, Gray\u00adbox&nbsp;Test"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\"><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1289.6px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p>Befo\u00adre per\u00adforming a pene\u00adtra\u00adti\u00adon test, the ques\u00adti\u00adon ari\u00adses as to how the pen\u00adtest should be per\u00adfor\u00admed. 
Here, pen\u00adtes\u00adters distin\u00adgu\u00adish bet\u00adween the fol\u00adlo\u00adwing approaches:<\/p>\n<ol>\n<li>Black\u00adbox&nbsp;test<\/li>\n<li>White\u00adbox&nbsp;test<\/li>\n<li>Gray\u00adbox&nbsp;test<\/li>\n<\/ol>\n<p>Which test is best sui\u00adted for an&nbsp;audit?<\/p>\n<\/div><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-one\" style=\"--awb-margin-top:30px;--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:40;line-height:1.2;\"><h3>Black box or black box&nbsp;test<\/h3><\/h1><\/div><div class=\"fusion-text fusion-text-2\"><p>With this pene\u00adtra\u00adti\u00adon test method, the pen\u00adtes\u00adter does not recei\u00adve any infor\u00adma\u00adti\u00adon about the sys\u00adtems in ope\u00adra\u00adti\u00adon, neither which fire\u00adwall is in use nor which exter\u00adnal ser\u00advices the com\u00adpa\u00adny uses. The\u00adr\u00ade\u00adfo\u00adre, the pen\u00adtes\u00adter has to spend more time on rese\u00adarch. For this pur\u00adpo\u00adse, pen\u00adtes\u00adters also use back\u00adground infor\u00adma\u00adti\u00adon about the com\u00adpa\u00adny from the dark\u00adnet and spe\u00adcial search engi\u00adnes such as Shodan.<\/p>\n<p>Cus\u00adto\u00admers like to use this test\u00ading approach to find out what infor\u00adma\u00adti\u00adon real hackers can find out about the com\u00adpa\u00adny. 
For lia\u00adbi\u00adli\u00adty reasons, howe\u00adver, the cus\u00adto\u00admer must always dis\u00adc\u00adlo\u00adse the actu\u00adal <span class=\"caps\">IP<\/span> addres\u00adses of its infra\u00adstruc\u00adtu\u00adre, and aut\u00adho\u00adri\u00adze the audit com\u00adpa\u00adny with a decla\u00adra\u00adti\u00adon of aut\u00adho\u00adriza\u00adti\u00adon for the pen\u00adtest attack.<\/p>\n<p>The advan\u00adta\u00adges:<\/p>\n<\/div><ul style=\"--awb-iconcolor:#ffdf60;--awb-line-height:25.5px;--awb-icon-width:25.5px;--awb-icon-height:25.5px;--awb-icon-margin:10.5px;--awb-content-margin:36px;\" class=\"fusion-checklist fusion-checklist-1 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Cus\u00adto\u00admers learn what infor\u00adma\u00adti\u00adon about the com\u00adpa\u00adny is stored on the Inter\u00adnet and the dark\u00adnet<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>The time requi\u00adred for the cus\u00adto\u00admer to pro\u00advi\u00adde infor\u00adma\u00adti\u00adon and coor\u00addi\u00adna\u00adti\u00adon is minimal<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>The results report is writ\u00adten from the point of view of a hacker<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-3\" style=\"--awb-margin-top:15px;\"><p>Dis\u00adad\u00advan\u00adta\u00adges and the cost factor:<\/p>\n<\/div><ul style=\"--awb-iconcolor:#4e6372;--awb-line-height:25.5px;--awb-icon-width:25.5px;--awb-icon-height:25.5px;--awb-icon-margin:10.5px;--awb-content-margin:36px;\" 
class=\"fusion-checklist fusion-checklist-2 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Due to the lack of coor\u00addi\u00adna\u00adti\u00adon, the\u00adre is no prio\u00adri\u00adtiza\u00adti\u00adon of which ser\u00advices are par\u00adti\u00adcu\u00adlar\u00adly cri\u00adti\u00adcal and requi\u00adre more or less test\u00ading effort<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>The rese\u00adarch is time-con\u00adsum\u00ading and the\u00adr\u00ade\u00adfo\u00adre a black box test is more expen\u00adsi\u00adve than a white or gray box&nbsp;test<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<div class=\"fusion-text fusion-text-5\">\n<p>The black box test is not sui\u00adta\u00adble for test\u00ading inter\u00adnal secu\u00adri\u00adty-rele\u00advant algo\u00adrith\u00adms of the applications.<\/p>\n<\/div>\n<\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow 
fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-one\" style=\"--awb-margin-top:30px;--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:40;line-height:1.2;\"><h3>White box or white box&nbsp;test<\/h3><\/h1><\/div><div class=\"fusion-text fusion-text-4\"><p>During the white\u00adbox test, the\u00adre is an inten\u00adsi\u00adve exch\u00adan\u00adge of infor\u00adma\u00adti\u00adon bet\u00adween the ope\u00adra\u00adtor and the pen\u00adtes\u00adter about the <span class=\"caps\">IT<\/span> infra\u00adstruc\u00adtu\u00adre used, the secu\u00adri\u00adty infra\u00adstruc\u00adtu\u00adre, the <span class=\"caps\">IT<\/span> ser\u00advices and authen\u00adti\u00adca\u00adti\u00adon methods. Often, pro\u00adtec\u00adti\u00adve mea\u00adsu\u00adres such as fire\u00adwall <span class=\"caps\">IPS<\/span> are dis\u00adab\u00adled in advan\u00adce to allow the secu\u00adri\u00adty scan to run effi\u00adci\u00adent\u00adly. To test web appli\u00adca\u00adti\u00adons, the pen\u00adtes\u00adter often also recei\u00adves dif\u00adfe\u00adrent acti\u00adve user IDs in order to run, for exam\u00adp\u00adle, the <span class=\"caps\">OWASP<\/span> Top 10 attacks within a web appli\u00adca\u00adti\u00adon. Often the pen\u00adtes\u00adter also gets insight into source code or inter\u00adnal configurations.<\/p>\n<p>This test\u00ading approach is very effi\u00adci\u00adent! The pen\u00adtes\u00adter actively com\u00admu\u00adni\u00adca\u00adtes with the cus\u00adto\u00admer and tests the <span class=\"caps\">IT<\/span> ser\u00advices and appli\u00adca\u00adti\u00adons in gre\u00adat depth. 
The results can go as far as recom\u00admen\u00adda\u00adti\u00adons for the soft\u00adware deve\u00adlo\u00adpers, as log\u00adin func\u00adtions, authen\u00adti\u00adca\u00adti\u00adon and under\u00adly\u00ading algo\u00adrith\u00adms are also dis\u00adcus\u00adsed. By sha\u00adring infor\u00adma\u00adti\u00adon about the infra\u00adstruc\u00adtu\u00adre, the pen\u00adtes\u00adter can make struc\u00adtu\u00adral recom\u00admen\u00adda\u00adti\u00adons about net\u00adwork design and secu\u00adri\u00adty infra\u00adstruc\u00adtu\u00adre, which is often not pos\u00adsi\u00adble with a black box&nbsp;test.<\/p>\n<p>Many advan\u00adta\u00adges:<\/p>\n<\/div><ul style=\"--awb-iconcolor:#ffdf60;--awb-line-height:25.5px;--awb-icon-width:25.5px;--awb-icon-height:25.5px;--awb-icon-margin:10.5px;--awb-content-margin:36px;\" class=\"fusion-checklist fusion-checklist-3 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Cus\u00adto\u00admers can prio\u00adri\u00adti\u00adze <span class=\"caps\">IT<\/span> ser\u00advices and com\u00admu\u00adni\u00adca\u00adte with the pen\u00adtes\u00adter in advance<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">White\u00adbox tests are more effi\u00adci\u00adent and cost-effec\u00adti\u00adve than black\u00adbox tests in terms of pen\u00adtest results<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Cus\u00adto\u00admers recei\u00adve soft\u00adware deve\u00adlo\u00adp\u00adment recom\u00admen\u00adda\u00adti\u00adons on secu\u00adre coding and secu\u00adre design<\/div><\/li><li 
class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">The pen\u00adtes\u00adter can make recom\u00admen\u00adda\u00adti\u00adons on the net\u00adwork archi\u00adtec\u00adtu\u00adre and the 3\u2011tier appli\u00adca\u00adti\u00adon architecture<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Through the exch\u00adan\u00adge of infor\u00adma\u00adti\u00adon bet\u00adween the cus\u00adto\u00admer and the pen\u00adtes\u00adter, inter\u00adnal algo\u00adrith\u00adms and APIs can also be eva\u00adlua\u00adted in the results report.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Cus\u00adto\u00admers learn more about the pen\u00adtes\u00adter\u00ad\u2019s attacks in advan\u00adce and can bet\u00adter moni\u00adtor their services.<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-5\" style=\"--awb-margin-top:15px;\"><p>Also dis\u00adad\u00advan\u00adta\u00adges:<\/p>\n<\/div><ul style=\"--awb-iconcolor:#4e6372;--awb-line-height:25.5px;--awb-icon-width:25.5px;--awb-icon-height:25.5px;--awb-icon-margin:10.5px;--awb-content-margin:36px;\" class=\"fusion-checklist fusion-checklist-4 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">The coor\u00addi\u00adna\u00adti\u00adon effort is grea\u00adter (a few hours, up to 1\u20132&nbsp;days)<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon 
fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Cus\u00adto\u00admers need a detail\u00aded net\u00adwork plan and <span class=\"caps\">IT<\/span> asset direc\u00adto\u00adry, and they need to know exact\u00adly what the con\u00adfi\u00adgu\u00adra\u00adti\u00adons of the sys\u00adtems&nbsp;are.<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Often this con\u00adfi\u00adden\u00adti\u00adal infor\u00adma\u00adti\u00adon is not rea\u00addi\u00adly shared externally<\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-3 fusion-sep-none fusion-title-text fusion-title-size-one\" style=\"--awb-margin-top:30px;--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:40;line-height:1.2;\"><h3>Gray\u00adbox \/ Gray-Box Test<\/h3><\/h1><\/div><div class=\"fusion-text fusion-text-6\"><p>In this mixed form bet\u00adween white-box and black-box test\u00ading, par\u00adti\u00adal know\u00adledge about inter\u00adnal 
infra\u00adstruc\u00adtures is exch\u00adan\u00adged. This includes at least the rele\u00advan\u00adce of the published services.<\/p>\n<p>The advan\u00adta\u00adges are obvious:<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.6666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><ul style=\"--awb-iconcolor:#ffdf60;--awb-line-height:25.5px;--awb-icon-width:25.5px;--awb-icon-height:25.5px;--awb-icon-margin:10.5px;--awb-content-margin:36px;\" class=\"fusion-checklist fusion-checklist-5 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">The pen\u00adtes\u00adter nevert\u00adhel\u00adess crea\u00adtes a com\u00adple\u00adte inven\u00adto\u00adry of exter\u00adnal ser\u00advices, but focu\u00adses pene\u00adtra\u00adti\u00adon test\u00ading on cri\u00adti\u00adcal ser\u00advices with sen\u00adsi\u00adti\u00adve&nbsp;data<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">With the know\u00adledge of the infra\u00adstruc\u00adtu\u00adre and secu\u00adri\u00adty infra\u00adstruc\u00adtu\u00adre, the audi\u00adtor can make spe\u00adci\u00adfic recom\u00admen\u00adda\u00adti\u00adons on 
the architecture<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">The test pha\u00adse is signi\u00adfi\u00adcant\u00adly shor\u00adten\u00aded com\u00adpared to a black box&nbsp;test<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-sun fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Inva\u00adsi\u00adve test methods that dis\u00adrupt or block ser\u00advices (e.g. DoS attacks) can be eva\u00adlua\u00adted in advance<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-7\" style=\"--awb-margin-top:15px;\"><p>The dis\u00adad\u00advan\u00adta\u00adges:<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_1_3 1_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:33.3333333333%;--awb-margin-top-large:0px;--awb-spacing-right-large:5.76%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:5.76%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span 
class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><img decoding=\"async\" width=\"463\" height=\"466\" title=\"Black\u00adbox White\u00adbox Gray\u00adbox Pentest\" src=\"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests-1.png\" alt class=\"img-responsive wp-image-4444\" srcset=\"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests-1-200x200.png 200w, https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests-1-400x403.png 400w, https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests-1.png 463w\" sizes=\"(max-width: 1024px) 100vw, (max-width: 640px) 100vw, 400px\"><\/span><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-5 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><ul style=\"--awb-iconcolor:#4e6372;--awb-line-height:25.5px;--awb-icon-width:25.5px;--awb-icon-height:25.5px;--awb-icon-margin:10.5px;--awb-content-margin:36px;\" class=\"fusion-checklist fusion-checklist-6 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Over\u00adco\u00adming the first peri\u00adme\u00adter takes lon\u00adger, so the\u00adre is less time to inten\u00adsi\u00adve\u00adly test sys\u00adtems behind 
it<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">Gray\u00adbox tests pro\u00addu\u00adce fewer results and recom\u00admen\u00adda\u00adti\u00adons when mea\u00adsu\u00adred over the same time as white\u00adbox&nbsp;tests<\/div><\/li><li class=\"fusion-li-item\" style><span class=\"icon-wrapper circle-no\"><i class=\"fusion-li-icon fa-cloud-rain fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Gray\u00adbox tests can only be used to test inter\u00adnal algo\u00adrith\u00adms bet\u00adween sys\u00adtems (e.g. inter\u00adnal APIs, inter\u00adnal cryp\u00adto\u00adgra\u00adphy usa\u00adge, backend com\u00admu\u00adni\u00adca\u00adti\u00adon with third par\u00adty sys\u00adtems) to a limi\u00adt\u00aded extent<\/p>\n<\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-6 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-4 fusion-sep-none fusion-title-text fusion-title-size-one\" style=\"--awb-margin-top:30px;--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" 
style=\"margin:0;--fontSize:40;line-height:1.2;\"><h3>What does a pen\u00adtest&nbsp;cost?<\/h3><\/h1><\/div><div class=\"fusion-text fusion-text-8\"><p>The cost of a pene\u00adtra\u00adti\u00adon test also results from the time spent on the fol\u00adlo\u00adwing services:<\/p>\n<\/div><div class=\"fusion-text fusion-text-9\"><ol>\n<li>The pre\u00adpa\u00adra\u00adti\u00adon time and arran\u00adge\u00adments with the customer.<\/li>\n<li>The set\u00adup of the secu\u00adri\u00adty scan\u00adner and the auto\u00adma\u00adted scan\u00adning&nbsp;tools<\/li>\n<li>The time for the manu\u00adal pene\u00adtra\u00adti\u00adon tests into the cus\u00adto\u00admer\u2019s sys\u00adtems by the pentester<\/li>\n<li>The report pre\u00adpa\u00adra\u00adti\u00adon and coor\u00addi\u00adna\u00adti\u00adon of the draft report<\/li>\n<li>The final presentation<\/li>\n<\/ol>\n<\/div><div class=\"fusion-text fusion-text-10\"><p><strong>Small pen\u00adtest pro\u00adjects<\/strong> can alre\u00ada\u00addy be offe\u00adred with an effort of 2\u20133 days due to the high degree of auto\u00adma\u00adti\u00adon of pha\u00adse 2. For black box tests, addi\u00adtio\u00adnal hours or days are nee\u00added for rese\u00adarch. The tur\u00adn\u00adaround time is usual\u00adly around 1&nbsp;week.<\/p>\n<\/div><div class=\"fusion-text fusion-text-11\"><p><strong>For medi\u00adum-sized pro\u00adjects<\/strong> or more deman\u00adding <span class=\"caps\">IT<\/span> ser\u00advices, 5\u20137 days or more should be inves\u00adted in the pen\u00adtest. The secu\u00adri\u00adty scan includes, among other things, an extern\u00adal\u00adly crea\u00adted ser\u00advice inven\u00adto\u00adry and can run for many days if the\u00adre are a lar\u00adge num\u00adber of <span class=\"caps\">IP<\/span> addres\u00adses. During this time, the pen\u00adtes\u00adter moni\u00adtors the scan\u00adner, but the\u00adre is usual\u00adly no work time invol\u00adved. 
The working time is focu\u00adsed exclu\u00adsi\u00adve\u00adly on pha\u00adse 1, 3, 4 and&nbsp;5.<\/p>\n<\/div><div class=\"fusion-text fusion-text-12\"><p><strong>Lar\u00adge pen\u00adtest pro\u00adjects<\/strong> with a lar\u00adge num\u00adber of <span class=\"caps\">IP<\/span> addres\u00adses or the test\u00ading of very deman\u00adding web appli\u00adca\u00adti\u00adons can also take 10+ days. If you sche\u00addu\u00adle or invest too few days for the pen\u00adtest, the\u00adre is a risk that the pen\u00adtes\u00adter will not be able to iden\u00adti\u00adfy rele\u00advant vul\u00adnerabi\u00adli\u00adties in the given time and the test will be incom\u00adple\u00adte as a result. For lar\u00adge pen\u00adtests, the tur\u00adn\u00adaround time can also be 3\u20134&nbsp;weeks.<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":4443,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[42,212],"tags":[],"class_list":["post-4774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-blog-en"],"acf":[],
"yoast_head_json":{"title":"Comparison: Blackbox Test, Whitebox Test, Graybox Test - SEC4YOU","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/","og_locale":"en_US","og_type":"article","og_title":"Comparison: Blackbox Test, Whitebox Test, Graybox Test - SEC4YOU","og_url":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/","og_site_name":"SEC4YOU","article_published_time":"2022-05-25T19:28:25+00:00","article_modified_time":"2022-11-06T08:38:15+00:00","og_image":[{"width":848,"height":565,"url":"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests.png","type":"image\/png"}],"author":"Andreas Schuster","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Andreas Schuster","Est. 
reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#article","isPartOf":{"@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/"},"author":{"name":"Andreas Schuster","@id":"https:\/\/www.sec4you.com\/#\/schema\/person\/b14cd48925626f5f693479b828fbc025"},"headline":"Com\u00adpa\u00adri\u00adson: Black\u00adbox Test, White\u00adbox Test, Gray\u00adbox&nbsp;Test","datePublished":"2022-05-25T19:28:25+00:00","dateModified":"2022-11-06T08:38:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/"},"wordCount":5253,"image":{"@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#primaryimage"},"thumbnailUrl":"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests.png","articleSection":["Blog","Blog EN"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/","url":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/","name":"Comparison: Blackbox Test, Whitebox Test, Graybox Test - 
SEC4YOU","isPartOf":{"@id":"https:\/\/www.sec4you.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#primaryimage"},"image":{"@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#primaryimage"},"thumbnailUrl":"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests.png","datePublished":"2022-05-25T19:28:25+00:00","dateModified":"2022-11-06T08:38:15+00:00","author":{"@id":"https:\/\/www.sec4you.com\/#\/schema\/person\/b14cd48925626f5f693479b828fbc025"},"breadcrumb":{"@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#primaryimage","url":"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests.png","contentUrl":"https:\/\/www.sec4you.com\/wp-content\/uploads\/2022\/05\/Black-White-Graybox-Tests.png","width":848,"height":565,"caption":"Black-White-Graybox Tests"},{"@type":"BreadcrumbList","@id":"https:\/\/www.sec4you.com\/comparison-blackbox-test-whitebox-test-graybox-test\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.sec4you.com\/en\/"},{"@type":"ListItem","position":2,"name":"Comparison: Blackbox Test, Whitebox Test, Graybox 
Test"}]},{"@type":"WebSite","@id":"https:\/\/www.sec4you.com\/#website","url":"https:\/\/www.sec4you.com\/","name":"SEC4YOU","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sec4you.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sec4you.com\/#\/schema\/person\/b14cd48925626f5f693479b828fbc025","name":"Andreas Schuster","description":"Als Experte f\u00fcr Informationssicherheit \/ Informationssicherheits-Managementsysteme (ISMS), IT-Sicherheit, Authentifizierung, sowie PKI und Verschl\u00fcsselung verf\u00fcgt er \u00fcber mehr als 20 Jahre technische Erfahrung in Serverinfrastruktur sowie Unternehmensnetzwerkarchitektur. Seine ausgezeichneten Kenntnisse in ISO 27001 und ISA 6 \/ TISAX erm\u00f6glichen es ihm, Kunden in NIS-2 Umsetzungen und bei InfoSec Zertifizierungsprozessen effektiv zu unterst\u00fctzen. 
Zudem ist er hervorragend mit europ\u00e4ischen Zertifizierungsstellen vernetzt.","sameAs":["https:\/\/Verschl\u00fcsselt.IT","https:\/\/www.linkedin.com\/in\/andreas-schuster-3885b18\/"],"url":"https:\/\/www.sec4you.com\/en\/author\/aschuster4you\/"}]}},"_links":{"self":[{"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/posts\/4774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/comments?post=4774"}],"version-history":[{"count":2,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/posts\/4774\/revisions"}],"predecessor-version":[{"id":4776,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/posts\/4774\/revisions\/4776"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/media\/4443"}],"wp:attachment":[{"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/media?parent=4774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/categories?post=4774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sec4you.com\/en\/wp-json\/wp\/v2\/tags?post=4774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}