M*D*: Penetration Test Types

Cleo Williamson

Compare and contrast the three different types of penetration test types, black box, white box and gray box. Identify situations when one test is preferred over the other. Draw on the materials you read in this module to justify your perspectives. Research and include supporting materials from credible sources that support your thoughts.

Penetration Test Types

This topic is one that is talked about a lot between security professionals. I want to talk about each one and then I will compare and contrast. The Black Box model follows a stochastic approach to the attack. This signifies that there are many more unknowns or variables to be learned when utilizing this modus operandi of attack than when one uses other approaches. The White Box approach is another attack method that may be used by the Ethical Hacker. This is a more deterministic plan of attack than the Black Box one. What is meant by this is that the White Box ethical hacking team will have much more information divulged to them prior to the penetration test, so there will be fewer unknowns or variables. The Gray Box approach is essentially a hybrid attack model. It incorporates elements of both the Black Box and the White Box methods. These are the three penetration models, the Black Box Model, the White Box Model and the Gray Box Model.

Concerning the Black Box model, It was stated that this penetration test is only revealed to a very few members of the network security team in order to ascertain their response to the attack. However, it must also be mentioned that the Black Box model also presupposes that the Ethical Hacker has limited knowledge of the network (gula, 2001). This forces the ethical hacking team to gather a lot of information about the company from various sources prior to launching the penetration attack. With respect to the White Box approach, it was indicated that this model presupposes an expansive amount of knowledge about the company and its network. It was stated that the scope of the pre-attack information gathering might include interviews, access to internal network assets, physical security inspections and security policy evaluations (gula, 2001). The last category of attack models is the Gray Box model. This model combines elements of both the Black Box model and the White Box model providing a hybrid method of attack. In other words, knowledge concerning some areas will be clearly defined.

REFERENCE:

AL alwi, Hadi - Nasser (2015). Hacker's personality characteristics Retrieved from

https://sites.google.com/site/progamusingbyhacker/home/hacker-s-personality-characteristics

Gula, Ron (2001) Broadening the Scope of Penetration Testing Techniques: The Top 14 Things Your Ethical Hackers-for-Hire Didn’t Test. R”, Retrieved from http://www.enterasys.com/products/Whitepapers/security/9012542.pdf

Reference (2016) what is the definition of "ethical obligation?" Retrieved from https://www.reference.com/world-view/definition-ethical-obligation-a1bb89f13aa062f4