as a 







Black Box

The goal of a black box intrusion test, also called pen test, is succeeding to get into a system (the box) without having any prior information, such as a hacker discovering the system for the first time.

The pen tester has no knowledge of the environment and, from the outside, tries to find out how to get into the target system as an outside attacker.​

Black box tests are most often used on showcase sites (with no member area) because no additional information would be required for the hacker to go further and perform an attack.

​​​​Black box tests therefore assess the risks and the kind of information the hacker would be able to obtain and thus to highlight the risks incurred in the case of an attack.

Grey Box

The method known as "grey box" consists in trying to penetrate the system with a limited amount of information on the organization and its information system. This makes it possible to check the vulnerabilities of a system by mimicking a site user or a collaborator of the company having internal access to some information. This could be the starting point of a hacker who would have managed to get access to a user account within the organization.

In general, during Grey Box test, the pentester is given identifiers and passwords allowing him to go beyond the authentication step. This approach is used in the case of a commercial site or a non-commercial site with a member area or customer area.

The pentester does not start completely in the dark. By having a limited amount of information, he can more easily simulate attacks and go beyond what he could have done in Black Box mode.

Cyber Penetration

Penetration testing (pen-testing) is the process of evaluating an organization’s cyber security infrastructure resiliency by simulating attack vectors by hackers and cyber criminals. The pen-test is performed to identify both weaknesses in infrastructure and personnel policy and procedures response latency. A cyber penetration test can be performed internally as well as externally to not only test the weaknesses of all areas within the network but also executing an attack that acquires some form of trophy. The importance of cyber penetration testing is to define the point in time attack that gives the client a review of how mature the organization is in defending itself against a potential bad actor. The importance of a cyber penetration testing is the ability to gauge the effects of remediation efforts from an INFOSEC and or a Risk Assessment.