In the field of offensive security the terms Black-, Grey and White-Box Testing are frequently used. But what do they mean?
During a penetration test configuration or assessment, the terms Black-Box, Grey-Box and White-Box are frequently used.
They occur with the following pentests for instance:
Perspective of an external attacker without knowledge about the target. The attacker does not have documentation nor credentials.
Perspective of an attacker with deeper knowledge of the target, e.g., a valid application user with access to the target.
Perspective of a developer or auditor with access to internal documents and the source code of the target.