3. White Box testing

With white box penetration testing, the professional 'hacker' is provided with all of the technical details for the system before they begin the test.

These details might include information about the operating system, hardware, configuration, database tables etc

Any 'standard' hacker would not normally have access to this type of information.

The reason for giving them to the professional is so that the test can simulate a malicious insider who has knowledge of the system. This might be a disgruntled employee or an ex-employee who has a grudge against the company.

White box penetration is the most challenging to protect against.

This is because the professional can make use of known vulnerabilities in unpatched systems. They know the software and applications running on the system. They may be aware of exploits and loopholes within the system which could give them access to everything.