Pentesting 101 – What is a Pentest?

Fabiola Munguia
March 10, 2021

What is penetration testing?

Penetration testing, or pentesting, is like a general inspection for your car, except instead of a car you diagnose the security of your applications. To do so, you higher consultants with hacking experience.Those “good hackers” (often called ethical hackers, white hat hackers) can find the vulnerabilities in your system or app. At the end, customers will get a through report for further actions and bug fixing tips. After fixing all the bugs, the customer can get a re-test. A re-test is sometimes offered for free, sometimes costs a small sum (often 5-20% of the pentest cost).

What is usually pentested?

You can pentest web and mobile applications, networks (infrastructure), APIs, and even IoT devices like smartwatches, smart TVs, smart machines, etc.

What is the difference between White Box, Gray Box and Black Box penetration testing?

There are different levels of in-depth hacking or so-called penetration testing strategies:

White Box pentest:

White-box testing goes by several different names, including clear-box, open-box, auxiliary and logic-driven testing. Penetration testers are given full access to source code, architecture documentation, credentials to enter the system. White- box pentesters will check not only internal security but also from the outside – by hacking into systems without proper accesses. For that they use both static and dynamic analysis. White-box testing is the slowest and most comprehensive form of pentesting.

Black Box pentest:

Testers do no have any information about the target and have to “hack” the system like a regular hacker. This means that black-box penetration testing relies on dynamic analysis of currently running programs and systems within the target network. They have to create network maps on their own. The limited knowledge provided to the penetration tester makes black-box penetration tests the quickest to run, since the duration of the assignment largely depends on the tester’s ability to locate and exploit vulnerabilities in the target’s outward-facing services.

Grey Box pentest:

Testers have access to knowledge level of a user. Meaning the gray-box pentesters typically have some knowledge of a network’s internals, potentially including design and architecture documentation and an account internal to the network. Having the basic knowledge about the target, testers can focus the afford on assessment of the most critical systems.

Synonyms for penetration test: pentest, ethical hacking service, red team assessment, bug bounty, etc.

Image source:

written by
Fabiola Munguia
Co-Founder of requestee and creative thinker.

Compare and find the pentesting company you trust

No credit card required.
Oops! Something went wrong while submitting the form.