In a black-box testing assignment, the penetration tester is placed in the role of the typical hacker, with no inside knowledge of the target organization. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in an organization that are exploitable from outside the network.
This means that black-box penetration testing relies on dynamic analysis of currently running programs and systems within the target environment. A black-box penetration tester must be familiar with automated scanning tools and methodologies for manual penetration testing. Black-box penetration testers also need to be capable of creating their own map of a target organization based on their observations, since no such diagram is provided to them.
The limited information provided to the penetration tester makes black-box penetration tests the fastest to run, since the duration of the assignment mostly depends on the tester’s ability to locate and exploit vulnerabilities in the target’s outward-facing services. The main drawback of this approach is that if the testers cannot breach the perimeter, any vulnerabilities in internal services remain undiscovered and unpatched.