Gray box testing is an application security testing technique that mixes white box and black box testing. In a white box assessment, the tester has complete internal knowledge of the system being tested (source code, design docs, etc.). A black box assessment is performed without any knowledge of the system’s internals.

Gray box testing splits the difference by providing the evaluator with partial knowledge of the system internals. For example, a gray box tester may not have complete knowledge of an application’s source code but may have partial knowledge of it and/or access to design documentation. This provides more insight than black box testing and less than a white box assessment.

Patron can perform your grey box penetration test.