TechChase

Security Testing

Security testing is the primary job of ethical hackers. These tests might be configured in such a way that the ethical hackers have no knowledge, full knowledge, or partial knowledge of the target of evaluation (TOE).

No Knowledge Tests (Blackbox)

No knowledge testing is also known as blackbox testing. Simply stated, the security team has no knowledge of the target network or its systems. Blackbox testing simulates an outsider attack as outsiders usually don’t know anything about the network or systems they are probing. The attacker must gather all types of information about the target to begin to profile its strengths and weaknesses. The advantages of blackbox testing include

  • The test is unbiased as the designer and the tester are independent of each other.
  • The tester has no prior knowledge of the network or target being examined. Therefore, there are no preset thoughts or ideas about the function of the network.
  • A wide range of reconnaissance work is typically done to footprint the organization, which can help identify information leakage.
  • The test examines the target in much the same way as an external attacker.

The disadvantages of blackbox testing include

  • It can take more time to perform the security tests.
  • It is usually more expensive as it takes more time to perform.
  • It focuses only on what external attackers see, while in reality, most attacks are launched by insiders.

Full Knowledge Testing (Whitebox)

Whitebox testing takes the opposite approach of blackbox testing. This form of security test takes the premise that the security tester has full knowledge of the network, systems, and infrastructure.

This information allows the security tester to follow a more structured approach and not only review the information that has been provided but also verify its accuracy. So, although blackbox testing will typically spend more time gathering information, whitebox testing will spend that time probing for vulnerabilities.

Partial Knowledge Testing (Graybox)

In the world of software testing, graybox testing is described as a partial knowledge test. EC-Council literature describes graybox testing as a form of internal test. Therefore, the goal is to determine what insiders can access. This form of test might also prove useful to the organization, as so many attacks are launched by insiders.

Types of Security Tests

Several different types of security tests can be performed. These can range from those that merely examine policy to those that attempt to hack in from the Internet and mimic the activities of true hackers. These security tests are also known by many names, including

No matter what the security test is called, it is carried out to make a systematic examination of an organization’s network, policies, and security controls. Its purpose is to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of potential security measures, and confirm the adequacy of such measures after implementation. Security tests can be defined as one of three types, which include high-level assessments, network evaluations, and penetration tests.
