312-50V11 · Question #718
The "gray box testing" methodology enforces what kind of restriction?
The correct answer is C. The internal operation of a system is only partly accessible to the tester.. Gray box testing grants the tester only partial knowledge of the target system's internal workings, sitting between the extremes of black box and white box testing.
Question
The "gray box testing" methodology enforces what kind of restriction?
Options
- AOnly the internal operation of a system is known to the tester.
- BThe internal operation of a system is completely known to the tester.
- CThe internal operation of a system is only partly accessible to the tester.
- DOnly the external operation of a system is accessible to the tester.
How the community answered
(27 responses)- B4% (1)
- C85% (23)
- D11% (3)
Why each option
Gray box testing grants the tester only partial knowledge of the target system's internal workings, sitting between the extremes of black box and white box testing.
Knowing only the internal operation with no external perspective describes a partial white box approach, not gray box.
Complete knowledge of internal operations defines white box (clear box) testing, where the tester has full access to source code and architecture.
In gray box testing, the tester is given limited internal information - such as partial architecture diagrams, some credentials, or high-level design documents - but does not have full access to source code or complete system internals. This simulates an attacker who has obtained some insider knowledge, making it more realistic than pure black box testing while still preserving blind spots that white box testing eliminates.
Access to only the external operation with no internal knowledge defines black box testing, which simulates a completely uninformed external attacker.
Concept tested: Gray box vs black box vs white box testing definitions
Source: https://owasp.org/www-project-web-security-testing-guide/stable/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies
Topics
Community Discussion
No community discussion yet for this question.