What is a Black Box penetration testing service, and why is it important, when comparing offerings from different vendors?
In the video below, Mike Smith explains what a black box test entails, and when it might be a good fit for your company.
Want Mike’s recommendations on the best penetration testing service providers that your company should explore? Click below to ask him today.
About Mike
Mike Smith is the Founder and President of AeroCom and has been helping companies with telecom and cloud services since 1999. He has been the recipient of numerous business telecommunications industry awards and in 2011, he was honored as one of the top 40 business people in Orange County, CA., under 40 years old. You can also hear him as the host of the popular Information Technology podcast, ITsmiths with Mike Smith. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.
Transcript
Your company is in the market for penetration testing. And you want to know where do we start?
Well, one of the things you want to think about is do you need white box penetration testing, gray box penetration testing, or black box penetration testing?
Today, I’m going to review black box penetration testing and explain what that is.
Want a shortcut?
But before I get started, just a quick reminder, if you’d like my recommendations on the best penetration testing companies your organization should be quoting, don’t Google it, just email me or call me (714.593.0011). I’m happy to help. More information on that at the end of the video.
What is Black Box?
Okay, what is a black box penetration test?
That’s a penetration test where you do not give any information to the penetration testing company. All you give them is your company name and your website, and that’s it.
And so, this really emulates a real world old attack scenario where the threat actor doesn’t have any information on your company.
And they might actually do a brute force attack on your IT infrastructure to try to create any vulnerability that they can. So they don’t know anything about your company. And they might really try to hack you every which way. So this is what might happen in the real world. This is what might go on.
It might take a long time
So the thing about this type of penetration testing, although it sounds wonderful, it could take a very long period of time because they might use all types of resources in order to hack into your company. They might use human resources. They might call into your company and try to get information. They might do phishing attacks. They might, like I said, do a complete brute force cyber attack on your IT infrastructure.
They might do all types of different things to gain access into your network or into your infrastructure. So it might take a very long period of time, but it’s going to be you telling to you in terms of where your vulnerabilities are.
So that’s a black box penetration test. It’s a test where you do not tell the tester anything other than your company name and your website address, and you let them go to work and try to break into your company’s IT infrastructure.
So there’s also white box and gray box. For information on those, watch my other videos.
More Questions?
I hope this was helpful. And if you want my recommendation on the best black box or white box or gray box penetration testing companies that your organization should be quoting, again, don’t Google it. You’ll be researching companies for hours. And you’ll probably end up with the wrong ones. I’ve been a broker in this industry for 18 years. So I know all the major players inside and out, and based on a few questions about your company, I can pretty much pinpoint which handful or small handful of companies you should be quoting.
And I’ll tell you why and I’ll introduce you to those companies and the right people of those organizations and make sure that they give you a great quote. The nice thing is too, is I won’t charge you a dime for my services. The actual vendors pay our company our broker fees. So no reason, no excuse not to at least reach out to me via email or phone (714.593.0011), and see what I might say about which vendors I recommend.
But yeah, I hope this video is helpful. If so, don’t forget to like it and subscribe to our channel, so we get rid of all those commercials. I’ll catch you on the next one.
Related Content
Penetration Testing Services Comparison: What should your report look like?
When you're comparing penetration testing services for your organization, what should the final report […]
Penetration Test vs. Vulnerability Scan: What is the difference?
What is the difference between a penetration test and vulnerability scan, for cybersecurity?
In the […]
Penetration Testing Services Comparison: What is Physical Security pen testing methodology?
What is physical security penetration testing methodology?
In the video below, Mike continues his video […]
Penetration Testing Services Comparison: What is Social Engineering Pen Testing Methodology?
What is "social engineering" penetration testing methodology?
In his latest video, Mike continues his […]
Penetration Testing Services Comparison: What is Internal Penetration Testing?
What is "Internal" Penetration Testing?
In the video below, Mike continues his video series on […]
Penetration Testing Services Comparison: What is an External Pen Test?
What is an external pen test?
In the video below, Mike continues his video series on penetration testing […]