17.1. Scanning Techniques
White-box testing is a methodology used when the auditor has full knowledge of the target environment. If you know all the relevant network information about the environment, such as the IP address of each system and what types of computers and network appliances exist, then you do not have to perform any discovery and can move straight into attempting to exploit systems or document threats.
Black-box testing assumes that the person auditing the network knows nothing about the environment. Because security information about an environment can be difficult to obtain, black-box testing should be conducted to assess security threats in the environment. If you're new to the environment, the first step in black-box testing ...
Get Enterprise Mac Security: Mac OS X Snow Leopard now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.