Penetration Testing - Types and Definitions

White-Box Penetration Testing

Question

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications.

The firm has been given all the developer's documentation about the internal architecture.

Which of the following BEST represents the type of testing that will occur?

A. Bug bounty

B. White-box

C. Black-box

D. Gray-box

Answer: B.

Explanations

The correct answer is B. White-box testing.

White-box testing is a testing technique where the tester has access to the internal architecture, design, and source code of the system being tested. This type of testing is also known as clear-box testing or structural testing.

In this scenario, the outside security firm has been given all the developer's documentation about the internal architecture, which means it has access to the system's source code and design. This access allows the firm to thoroughly test the system's security features, weaknesses, and vulnerabilities.

Bug bounty programs are initiatives offered by organizations to incentivize individuals to find and report security vulnerabilities in their systems. Participants in bug bounty programs are typically not given access to the system's source code or design.

Black-box testing is a testing technique where the tester has no prior knowledge of the system being tested. Testers using this technique do not have access to the system's source code or design.

Gray-box testing is a hybrid testing technique where the tester has partial knowledge of the system being tested. The tester has some knowledge of the system's design and architecture but does not have access to its source code.

Therefore, the most appropriate testing type for this scenario is white-box testing.