White Box Audit

White box audit would include the testing team attacking the target organization with most of the information that could be gathered. Information about the setup or the IT infrastructure which any employee of the organization could be aware of would be known to the auditing team.

The time required for this audit would be much less than the other two audits, since the team is presented with transparent design. This method would also help in application design review and source code audit as well.

Black Box Audit

This method of auditing helps you understand how vulnerable the target will be to any attacker,who has no knowledge of your IT infrastructure. The team will only have information which is available for public.

It gives you a clear picture of how your security controls will perform when attacked by an outsider . It further helps in building the layers of security, which we consider to be redesigned.

Grey Box Audit

This type of auditing involves the penetration testing team trying to test the robustness of the target with little information at hand.

This might include whatever information could be gathered by a motivated attacker. With only partial setup and information we might be able to find out how the target medium might respond to attackers.