Editing White-box testing (section)

== Hacking ==
In [[penetration test]]ing, white-box testing refers to a method where a [[white hat hacker]] has full knowledge of the system being attacked.<ref>{{cite web |title=A Penetration Testing Model |url=https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Penetration/penetration_pdf.pdf?__blob=publicationFile&v=1 |publisher=Federal Office for Information Security (BSI)}}</ref> The goal of a white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system. For such a penetration test, administrative credentials are typically provided in order to analyse how or which attacks can impact high-privileged accounts.<ref>{{cite web |last1=Baran |first1=Ewelina |title=Types of penetration testing |date=20 February 2023 |url=https://www.blazeinfosec.com/post/types-of-penetration-testing/ |publisher=Blaze Information Security GmbH |access-date=12 September 2024}}</ref> Source code can be made available to be used as a reference for the tester. When the code is a target of its own, this is not (only) a penetration test but a [[Code audit|source code security audit]] (or security review).<ref>{{cite web |last1=Sullivan |first1=James |title=What is Code Audit: Understanding its Purpose and Process |url=https://www.oneseventech.com/blog/code-audit |publisher=17 Web Dev, LLC |access-date=12 September 2024}}</ref>