It involves automated or semi-automated non-invasive scans, carried out with automated tools and manual checks, to detect the presence of known vulnerabilities.
It is based on inferential attack techniques designed to identify known or unknown issues that scanning tools and automated analysis alone cannot detect.
From outside, verifying the services exposed on the internet
From inside the customer network
With the White Box technique, the Customer informs the Ethical Hacker in advance about the infrastructure and the available services. The Ethical Hacker skips the first step, Information Gathering, because he already knows the systems, software and available services. This technique requires less time to carry out the vulnerability assessment and penetration test. The test is also more accurate because, during the attack step, the Ethical Hacker can focus his attention on the specified target.
Gray Box is an intermediate approach: the Ethical Hacker has general knowledge of how the infrastructure is organized and what data structures are used. This allows more targeted tests than the Black Box approach but, since the code is not known, the tests will be less accurate than with the White Box technique.
The Black Box technique is very similar to a real attack by an external hacker, because the tester has no information about the infrastructure or the target to analyze. It is a realistic simulation of an ill-intentioned hacker who has to collect information about the infrastructure (services, software, firewall, etc.). The Black Box technique requires more time because the Ethical Hacker doesn't know the infrastructure at all.
Intended for the Customer's executive staff, it provides strategic, easy-to-read guidance on the security situation found by the analysis.
This is the formal documentation of the tests executed; it reports in detail the results of the work done, the technical details and the most significant evidence.
A document that formalizes all the vulnerabilities detected during the Ethical Hacking, providing a useful tool for resolving critical issues.