Beyond Information Security

White box test

A white box test refers to a penetration test conducted with internal knowledge. For this purpose, not only the applications and platforms used are communicated to the tester, but also detailed information on source texts, configuration files, and processes. This allows structured attacks to be directed to certain parts of the infrastructure, eliminating the need for footprinting.

Disadvantage of the method: by focusing on very specific information, it is possible that other weaknesses may be overlooked.