Different methodologies may be used while pen testing a network and web application. Some of them are listed as follows.
Black box
In black-box testing, the pen tester is given the role of a hacker. We are not provided with any details of the internal network, any inside IP scheming details, nor any diagrams or maps of the network. We have limited knowledge and are told that we have to pen test a specific network whose IP address is known. The pen tester then makes their way in by using different tools. First of all, the pen tester gathers information, finds any vulnerabilities, and then prepares a penetration test report.
Gray box
Gray-box testing is the technique in which the pen tester has some access to the internal network. We may be given a map of the system and any documentation of the services running. The purpose of gray-box testing is to save the time of the pen tester and make a more effective penetration test exercise than black-box testing...