There are different types of security assessments based on the role of the consultant. "Black-box" assessments assume zero knowledge on the part of the consultant and typically require more generalist security assessment skills (such as experience with network inventory and vulnerability scanning tools and techniques). "White-box" typically implies application source code review by experienced software developers (and/or automated code review tools). It may also imply access to design/specification documentation not normally available to an outsider. "Gray-box" is a hybrid of the black-box and the white-box. This information should be prepared by the client in advance of starting work.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.