🍡Black Box, White Box, Grey Box Penetration Testing

The three primary scopes.

Black Box Testing - the tester is not given any information about how the application or service works.

White Box Testing - low-level process usually done by a software developer who knows application logic and programming. the tester will have full knowledge and ensures that the entire attack surface can be validated.

Grey Box Testing - the tester has partial knowledge of the internal componenets of the application or software, and will still be interacting with the application as if it was a black-box.