Dubbed the Cyber Warfare Attack, black box penetration test is a straightforward attack simulation where the ethical hacker has no knowledge of the system’s internal structures that he/she is attempting to compromise.
The Black-Box testing usually is executed to test on the functionality of the application.
A White-Box testing is method where the tester’s objectives are clearly defined, which is to test the applications’ internal structures and design at the source code level.
The tests usually includes data and control flow, branch and path testing as well as statement and decision coverage specifically to highlight any weaknesses or fragility in the code.
White-box testing also simulates a malicious insider who has full or partial knowledge of the system.
A Grey-Box Test is a hybrid between Black-Box and White-Box Tests. In this mode, the objectives are to seek out vulnerabilities derived from any defects from improper structure or usage of applications.
A grey-box tester partially knows the internal structure, which includes access to the documentation of internal data structures as well as the algorithms used.
Grey-box testing requires both high level and detailed documents describing the application, which they collect in order to define test cases.