Unlike White Box Penetration testing, Black Box Penetration testing is done with no knowledge of the internal systems of organisation.

While this does make the ‘starting point’ the same as a potential hacker trying to exploit the same network, it also dramatically increases the time required in terms of effort and also the time period over which the project will run.

Given this, a Black Box penetration test is typically only recommended for companies with a significant security requirement and a budget to match.

Upon completion of a black box penetration test, in the unlikely event the perimeter was not breached, it is still recommended that a white box penetration test is carried out because perimeter breach will always be a significant risk in the future.

Key Points

  • Zero Knowledge Start Point

    The attack will begin with zero knowledge or assumptions, requiring significant intelligence gathering and reconnaissance.

  • Multi-Faceted

    As with white box penetration testing, multiple techniques will be used to gather intelligence and attempt to breach the network, including social engineering and black bag techniques.