Unlike White Box Penetration testing, Black Box Penetration testing is done with no knowledge of the internal systems of organisation.
While this does make the ‘starting point’ the same as a potential hacker trying to exploit the same network, it also dramatically increases the time required in terms of effort and also the time period over which the project will run.
Given this, a Black Box penetration test is typically only recommended for companies with a significant security requirement and a budget to match.
Upon completion of a black box penetration test, in the unlikely event the perimeter was not breached, it is still recommended that a white box penetration test is carried out because perimeter breach will always be a significant risk in the future.