Jul 3 2009

Black Box Testing in Penetration Testing

This article is part of the “Ethical Hacking Student Guide Series.” Don’t forget to subscribe to Hackers Enigma to stay updated.

Black box testing is the second type of penetration testing, and it is the “real hackers’ thing.” In black box testing, a professional ethical hacker is hired to perform a test on a network. He does not know anything about the network, the OS, anything …

With zero knowledge, he is kept completely in the dark about system information, hence the name black box. The ethical hacker performs passive information gathering for the attack, which includes collecting information about the organization, its employees & technical details about the servers from outside.

This is performed the way any black hat hacker would do it for some criminal activity.

This test is more effective than white box testing & really tests the ethical hacker’s knowledge about penetrating the system.

Penetration testing needs a highly trained & experienced professional, as this test is quite risky & is performed under the observation of organizational officials.

Before performing any such test, legal permission must be obtained from their Internet Service Provider (ISP) & from local cops if necessary. Agreements are signed between the ethical hacker & the organization, and they should clearly define what to do & what not to do, so that the circumstances are workable for the ethical hacker.

The concept is simple, but the actual work needs some experience. The process is complex & involves many things that you see for the first time, so a newbie or fresher in this field cannot take the responsibility of performing a black box

Jul 2 2009

White Box Testing in Ethical Hacking

This article is posted under the ‘Ethical Hacking Student Guide Series.’ Don’t forget to subscribe to stay updated.

White box testing is a form of penetration testing, as I explained before; it is performed with full knowledge of the network or system being tested. Ethical hackers are hired for this purpose. They may be freelancers or come from professional firms that carry out such tests for you.

Analysis of Network

When an ethical hacker comes to a company, the company gives him full access to the network. He first studies the network and gathers the following data about it.

1. Operating systems running on all computers

2. Types of networks & number of networks

3. Information about the security measures currently applied

4. Previous reports from network security managers or ethical hackers

5. All addresses of all database security & application servers

Using all this data, the ethical hacker prepares an actual map of the network & uses it for further security work.

Security Measures in White Box

The security measures are common to both white box & black box testing, but what the testers know about the system matters much more than what they apply afterwards. So white box testing, in plain and simple words, is just a penetration test performed with complete knowledge of the system.

Why To Apply White Box Test?

White box testing reduces the time the ethical hacker wastes on mapping the network, because mapping a network is very time consuming. If he has to finish securing the complete network in less time or has a close deadline, a white box test is preferred. One more important thing is that he works directly on finding new & unique vulnerabilities in the system which are undetectable by vulnerability scanners.

Why Not to Prefer White Box Test?

White box testing is not what a criminal hacker actually performs. If we are supposed to track the criminal hacker’s mind & the way he works, black box testing is exactly what we should go for. Without knowing anything about the network, the ethical hacker gathers information from outside, attacks the system & finds possible threats to the system or network.
