Grey Box (Test Type)

IT security audits may be characterized according to the degree of information the testers and the administrators of the systems in scope have when the tests are carried out. The grey-box test type is usually the most popular approach for an IT security audit. The testers obtain partial information of the systems (e.g. the IP addresses) and the administrators are informed about the planned tests. This approach allows speeding up the audit by avoiding wasting precious project time.

Back to the glossary overview