As part of the SDLC, a third party is hired to perform a penetration test.
The third party will have access to the source code, integration tests, and network diagrams.
Which of the following BEST describes the assessment being performed?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The assessment being performed in this scenario is a "White box" penetration test.
Penetration testing is a type of security assessment that attempts to simulate an attack on a system or application to identify vulnerabilities and weaknesses that could be exploited by attackers. There are different types of penetration tests, and the main difference between them is the level of knowledge that the tester has about the target system before starting the assessment.
In a "Black box" penetration test, the tester has no prior knowledge of the target system and tries to gather as much information as possible through reconnaissance techniques, such as scanning and enumeration. This type of test simulates the scenario of an attacker who has no insider knowledge about the system and has to rely on external techniques to gain access.
In a "White box" penetration test, the tester has full knowledge of the target system, including access to source code, integration tests, and network diagrams, as is the case in this scenario. This type of test simulates the scenario of an attacker who has insider knowledge or has been able to obtain access to internal information about the system.
A "Regression" test is a type of software testing that verifies whether changes or updates to a system or application have introduced new bugs or caused existing ones to reappear.
"Fuzzing" is a technique used in software testing to find vulnerabilities by inputting random or unexpected data to a program to see if it will crash or exhibit abnormal behavior.
Therefore, the BEST answer to the question is C. White box.