So basically Black-Box tests require no access to the code. We will operate completely as if we are a hacker from the outside. This also means some exploits might remain undiscovered, due to requiring code access. Thus increased risk.
A White-Box test requires full access to the code, which allows us to do a more in depth review end find a lot more exploits and bugs. It also helps to clean up the code and make it run a lot faster.
A Grey-Box is basically a mix where it’s essentially a Black-Box where we ask little snippets of the code here and there. Where needed.