0

I have some issues regarding the concept of black, grey and white hat.

Where, and in what penetration testing methodology, can I find the definition of the black, grey or white hat concept?

schroeder
Lucian Nitescu
  • 3
    Possible duplicate of [Penetration testing methodologies](https://security.stackexchange.com/questions/118796/penetration-testing-methodologies) – tungsten Aug 23 '19 at 13:49
  • 1
    @tungsten your recommended answer is related to methodologies but it does not respond to my question. I asked about the definition of black, grey or white hat within methodologies rather than differences between methodologies as pointed out by your "duplicate". – Lucian Nitescu Aug 24 '19 at 20:47
  • 1
    I think the real answer is that the different "hats" are not described in a methodology at all. And that makes the proposed duplicate not helpful. – schroeder Aug 24 '19 at 20:55

1 Answer

6

When referring to black, grey and white hat the following is the definition:

White - A hacker who is hacking for profit with permission in order to test a system (This is called a penetration tester).

Grey - A hacker who works as a penetration tester but also as an illegal hacker.

Black - A hacker hacking illegally for any reason which can include all kinds of motives such as political, profit, revenge and so on...

When referring to black, grey and white box testing the definition is the following:

White - A tester has a deep understanding of the source code and the system and tries to build tailored tests to test the system.

Grey - Almost the same as white, except the tester has less knowledge of the system and mixes black and white testing together.

Black - A tester will test the application as if he has no knowledge of the application, using all the normal testing techniques without diving into it deeper.

Notice: When speaking about "some_color box penetration testing", it is not common to do grey box testing.

Bubble Hacker