A white box assessment is typical of web application testing but can extend to any form of penetration testing. The key difference between white, black, and gray box testing is the amount of information provided to the testers prior to the engagement. In a white box assessment, the tester will be provided with full information about the application and its technology, and will usually be given credentials with varying degrees of access to quickly and thoroughly identify vulnerabilities in the applications, systems, or networks.

Not all security testing is done using the white box approach; sometimes, only the target company's name is provided to the penetration tester. Next, we will cover the fundamentals of black box testing.