During scoping the type of test, it is important to know the different type of tests and what they consist of; this can be broken down into three groups:
- White-box penetration testing: Here, the tester has complete access and in-depth knowledge of the system being tested. The testers work with the client and have access to insider information, servers, software running, network diagrams, and sometimes even credentials. This test type is normally used to test new applications before they are put into production and are routinely conducted as part of the Systems Development Life Cycle (SDLC); this helps to identify vulnerabilities and remedy them before rolling out to production.
- Black-box penetration testing: In the black-box penetration testing approach, only high-level information is made available to the tester. The tester is totally unaware...