When comparing penetration testing services, it’s important to understand gray box testing, and how it’s different from black and white box pen testing.
In the video below, Mike explains white box penetration testing, comparing it to white and black box. He also tells you why gray box is the most common type of penetration test your company can perform, for cybersecurity.
Want Mike’s recommendations on the best penetration testing companies to quote? Click below and ask him today.
About Mike
Mike Smith is the Founder and President of AeroCom and has been helping companies with telecom and cloud services since 1999. He has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the top 40 business people in Orange County, CA., under 40 years old. You can also hear him as the host of the popular Information Technology podcast, ITsmiths with Mike Smith. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.
Transcript
Your company is looking at penetration testing services, and you’re wondering where to start. Well, one of the things you need to determine right away is, do we need black box penetration testing, white box penetration testing, or gray box penetration testing? Well, today, I’m going to be explaining what gray box penetration testing is. If you want to see the others, click on my other videos and watch those about white box or black box.
Shortcut
But before I get started, just a quick reminder, if you’d like my recommendations on the best penetration testing companies you should be quoting for your, don’t Google it, just actually email me or call me (714.593.0011). I’m happy to help. More information on that at the end of the video.
Gray vs. White and Black Pen Tests
Okay. So what is gray box penetration testing? Well, as you might have guessed, it’s halfway in between a white box penetration test and a black box penetration test.
Most penetration testing services that you end up getting at the end of the day are going to be gray box, unless you go all out and you definitely want a black box penetration test. Even if you try to do a white box penetration test, it usually ends up being a gray box penetration test.
And so what it is, it’s where you give the testing company some information, but not all information. And as you can imagine, this is the most common because sometimes you try to give the testing company all the information, but you just don’t have all the information. You miss some information to give them, so there’s some is some gray air. There’s some information out there that you didn’t give them and that they find out on their own.
So with a gray box penetration test, you might give the testing company some IP address information. You’re going to have a short conversation with them and maybe give them some minor general layouts of your IT infrastructure, but not too specific. You might want to give them some information about some of your company that might be pretty vulnerable or things like that. So you’re going to have a short conversation with them, give them some information, not all the information, and that’s why it’s halfway in between a white box and a black box.
More Questions?
Again, if you want my recommendations on the best penetration testing company for your company specific needs, and you want to know which companies you should be quoting, don’t Google it, just reach out and contact me, send me an email, give me a call (714.593.0011). I’m happy to ask you a few questions. And based on that information, I can tell you the small handful of companies I’d recommend you definitely quote. And I’ll also introduce you to the best people at those companies and oversee the quoting process, make sure that they give you a great quote, make sure they don’t leave anything out.
So that’s what I do. I’m a broker for all these major service providers, I’ve been doing it for 18 years. And the nice thing is, is I don’t charge you a dime for my services. The vendors actually pay our company our broker fees. So absolutely no excuse not to at least give me a try. Reach out. I’m happy to help.
If you like the video, don’t forget to hit the like button down below, and subscribe to the channel so we can get rid of the advertisements. I’ll catch you on the next one.
Related Content
Penetration Testing Services Comparison: What should your report look like?
When you're comparing penetration testing services for your organization, what should the final report […]
Penetration Test vs. Vulnerability Scan: What is the difference?
What is the difference between a penetration test and vulnerability scan, for cybersecurity?
In the […]
Penetration Testing Services Comparison: What is Physical Security pen testing methodology?
What is physical security penetration testing methodology?
In the video below, Mike continues his video […]
Penetration Testing Services Comparison: What is Social Engineering Pen Testing Methodology?
What is "social engineering" penetration testing methodology?
In his latest video, Mike continues his […]
Penetration Testing Services Comparison: What is Internal Penetration Testing?
What is "Internal" Penetration Testing?
In the video below, Mike continues his video series on […]
Penetration Testing Services Comparison: What is an External Pen Test?
What is an external pen test?
In the video below, Mike continues his video series on penetration testing […]