Grey box penetration testing is an audit that simulates a malicious third-party service holding some relevant information about your company, such as IP addresses or API endpoints. This information could be specified by your CISO.

With a grey box penetration test, testing is slightly quicker than with a black box penetration test, since the tester has more information. It also provides a broader and more efficient assessment of a target system’s security. Moreover, since testers are not entirely in the dark, they can simulate attacks more efficiently and go beyond what would be possible in black box mode. A grey box penetration test achieves a good balance between the efficiency of the black box method and the depth of the white box approach.

Methodology

  • Fuzzing
  • Exploitation
  • Post-Exploitation
  • Lateral Movement