You have ordered a penetration test on the company's website from a third-party IT security consultant. Your web administration team has created a stand-alone test network to ensure the penetration test does not cause issues on the live website. Other than the IP address of the web server, you have not provided the penetration testers with any other information. What type of test best describes this scenario?
This type of penetration test is known as a black-box test. In this approach, the testers are given little to no prior information about the target system. For example, they are not provided with details like the web server type or access to the source code. Instead, the testers must perform reconnaissance to gather information and probe for vulnerabilities, simulating an attack from an external threat actor with no inside knowledge.