A whitebox test is one in which the attacker is pre-loaded, going into the engagement, with information or network access that would be difficult to obtain on their own.
Benefits of Whitebox Testing
1) Less time and money is spent on the discovery, reconnaissance and enumeration portions of the test, leaving more time and money to be spent on breaking applications, network devices, people, etc.
2) The threat posed by insiders is often underestimated by organizations that entrust them with physical and logical access to IT resources. By its very nature, whitebox testing puts the attacker one step closer to the internal environment and may help uncover vulnerabilities in internal applications that a blackbox test might not.
A blackbox test is one in which only a small amount of an organization’s information is provided, or only that which is readily uncovered via Internet searches and phone calls into the organization.
Benefits of Blackbox Testing
1) Provides the best ‘real-world’ view of the organization from an external attacker’s perspective.
2) Naturally forces the attacker to spend time uncovering information on the organization that is public or can be social-engineered out of employees or partners. By analyzing the results of this process, an organization will learn a tremendous amount about how an attacker can gain a foothold in the organization starting from scratch, and can then take steps to mitigate or remediate those vulnerabilities.