An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?
White-box testing is a penetration testing approach where the tester is given comprehensive knowledge about the internal workings of the system. Since the enterprise has provided the security firm with all the developer’s documentation about the internal architecture, this best represents white-box testing. In this type of testing, the tester has detailed information on the architecture, design, source code, and implementation, which aligns with the situation described in the question.
White box = Know all the info Gray box = Know some of the info Black box = know none of the info
white box penetration testing also known as clear box testing or transparent box testing, is a security testing approach where the tester has complete knowledge of the internal workings of the system being tested. In white box testing, the tester has access to detailed information about the architecture, design, source code, and implementation of the application or system.
D. Gray-box
white box
B. White-box White-box testing is a type of penetration testing where the tester has full knowledge of the internal architecture, design, and implementation of the systems being tested. In this scenario, since the outside security firm has been given all the developer's documentation about the internal architecture, the testing would be considered white-box testing. White-box testing allows the tester to have an in-depth understanding of the system, enabling them to identify vulnerabilities more comprehensively.
I think it's Gray Box (Answer D) as All developer's document does not mean all document required for Network and Application.
Over thinking
Given the details, B is correct