You have ordered a penetration test on the company's website from a third-party IT security consultant. Your web administration team has created a stand-alone test network to ensure the penetration tests do not cause issues on the live website. Other than the IP address of the web server, you have not provided the penetration testers with any information. What type of test best describes this scenario?
This type of penetration test is known as a black box test. In this scenario the testers have little to no information on how the website works. For example, they are not given the type of web server or access to the source code. Instead, the 'attackers' will have to gather information and test different attack methods to see what works and what doesn't.