+32 50895535

Testtypes

There are three different types of security tests, we have the two extremes “White-Box” and “Black-Box” and then we have the one in between the two: “Grey-Box”.

Underneath you’ll find a comparison chart between the three.

Black-Box Grey-Box White-Box
Pentest without knowledge of the code Yes Partly No
Code reviews No Partly Full
Exploit coverage Limited Sufficient Wide
Costs Low Medium High

So basically Black-Box tests require no access to the code. We will operate completely as if we are a hacker from the outside. This also means some exploits might remain undiscovered, due to requiring code access. Thus increased risk.

A White-Box test requires full access to the code, which allows us to do a more in depth review end find a lot more exploits and bugs. It also helps to clean up the code and make it run a lot faster.

A Grey-Box is basically a mix where it’s essentially a Black-Box where we ask little snippets of the code here and there. Where needed.