1
00:00:01,140 --> 00:00:07,740
‫Now, one of the basic questions of a penetration test is what should a pen tester, I think you understand

2
00:00:07,740 --> 00:00:10,800
‫the word by now, the person who performs the pen test.

3
00:00:11,670 --> 00:00:16,620
‫What should the pen tester know about this system that he or she will test?

4
00:00:17,950 --> 00:00:23,350
‫There are typically different approaches, according to the knowledge that the pen testers have.

5
00:00:24,400 --> 00:00:31,210
‫A black box pen test requires no previous information and usually takes the approach of an uninformed

6
00:00:31,210 --> 00:00:38,230
‫attacker in a black box pen test, the pen tester has no previous information about the target system.

7
00:00:40,220 --> 00:00:46,160
‫Wide box testing is a pen testing approach that uses the knowledge of the internals of the target system

8
00:00:46,820 --> 00:00:55,010
‫to elaborate that test cases, for example, in application pen testing, the source code of the application

9
00:00:55,010 --> 00:01:02,870
‫is usually provided along with design information or in an infrastructure bend test, network maps,

10
00:01:02,870 --> 00:01:05,480
‫infrastructure details, etc. are provided.

11
00:01:06,610 --> 00:01:13,330
‫The goal of a white box pen test is to provide as much information as possible to the pen tester so

12
00:01:13,330 --> 00:01:20,500
‫that he or she can gain insight, understanding of the system and elaborate the test based on that.

13
00:01:21,610 --> 00:01:25,960
‫Of course, each approach has some advantages as well as some disadvantages.

14
00:01:26,470 --> 00:01:27,730
‫So let's have a look at that now.

15
00:01:29,450 --> 00:01:35,270
‫The advantage of a black box pen test is that it simulates a very realistic scenario.

16
00:01:36,290 --> 00:01:40,370
‫And these are the disadvantages of the black box pen test.

17
00:01:41,120 --> 00:01:44,750
‫Testing time cannot be maximized in certain scenarios.

18
00:01:45,770 --> 00:01:49,430
‫Some areas of the infrastructure might remain untested.

19
00:01:51,190 --> 00:01:56,770
‫The advantages of a white box bend test are you can perform a deep and thorough test.

20
00:01:57,730 --> 00:02:04,480
‫It maximizes the testing time, so you don't need to spend time to find out the system information.

21
00:02:06,350 --> 00:02:14,630
‫It extends the testing area where black box testing cannot reach, such as the quality of code, application

22
00:02:14,630 --> 00:02:15,590
‫design, et cetera.

23
00:02:16,950 --> 00:02:22,860
‫Now, some people might think that the white box approach is not realistic as the pen testers.

24
00:02:23,160 --> 00:02:27,540
‫Well, just not in the same position as a non informed potential attacker.

25
00:02:28,020 --> 00:02:34,530
‫Don't agree with this, though, because there might be some inside attackers or a hacker might have

26
00:02:34,530 --> 00:02:42,060
‫access on an insiders computer, and he or she can potentially learn all the information of the system.

27
00:02:42,300 --> 00:02:42,720
‫Got it!