Black Box vs White Box Test

BlackBox Security Testing

• The tester has no knowledge of the technology or frameworks that the application is built on.
• The application is tested from outside in.
• This type of testing represents the hacker approach.
• This, in one sense, could be called as reverse engineering.

WhiteBox Security Testing

• The tester has access to the underlying framework, design and implementation.
• The application is tested from the inside out.
• This type of testing represents the developer approach.