In a Black Box test, we have no knowledge of any of your internal information structures and are not given access to your applications or network. This test is the most similar to a real-world malicious attack, and usually requires significant time (as we need to attempt many attack methods to ensure none of them work), and deeper vulnerabilities may not be found or exploited during the time-frame of the test. However, simply because deeper vulnerabilities cannot be found doesn’t mean they don’t exist, which can result in a false sense of security that could be exploited at a later date by a hacker without time-constraints waiting for the right opportunity.

In a Grey Box test, our team replicates the activities that a hacker would undertake after they have penetrated your security perimeter and has internal access to your network. You provide us with some background information such as network infrastructure maps, application flow charts and low-level credentials, which allows for much more streamlined and efficient testing, saving time and money. This approach also allows us to focus on identifying and exploiting potential vulnerabilities in your higher-risk systems rather than attempting to discover where these systems are.

In White Box testing, we have complete access to your selected networks, systems and applications, which allows us high-level privileges and the ability to view source code. We perform both dynamic and static analyses to identify weakness across several areas such as security misconfigurations, logic vulnerabilities, poorly written software code and more. This type of penetration test is comprehensive as both internal and external vulnerabilities are identified, assessed and prioritised from a ‘behind closed doors’ perspective that is not available to most hackers.