Tweet
A Blackbox Penetration Test is a No Knowledge test.
The tester has no prior knowledge of the network or target being examined.
The test is unbiased as the designer and tester are independent of each other.
A wide range of reconnaissance work is done to footprint the target.
This situation is designed to closely emulate the situation an actual attacker would encounter as they would presumably have an extremely low level of knowledge of the target going in.
This is also called a "blind" penetration test.
A double blind is a situation where the responsible department for the target system, is also unaware of the penetration test. Only Managers or higher ranked staff is knowledgeable.
A purpose of a double blind, is primarily to test the reaction of the responsible department. This will verify the attack is discovered, security policy is followed and internal reporting is happening.
The tester has no prior knowledge of the network or target being examined.
The test is unbiased as the designer and tester are independent of each other.
A wide range of reconnaissance work is done to footprint the target.
This situation is designed to closely emulate the situation an actual attacker would encounter as they would presumably have an extremely low level of knowledge of the target going in.
This is also called a "blind" penetration test.
A double blind is a situation where the responsible department for the target system, is also unaware of the penetration test. Only Managers or higher ranked staff is knowledgeable.
A purpose of a double blind, is primarily to test the reaction of the responsible department. This will verify the attack is discovered, security policy is followed and internal reporting is happening.