Advanced Infrastructure Penetration Testing

White box pentesting

During white box pentesting, sometimes called complete-knowledge testing, the organization gives the pentesters all required information. This type of pentesting is used when the organization wants to perform a full audit of its security and maximize the testing time. It can be performed at any point to check the organization's security posture. The information provided before the pentest can include, but is not limited to, the following:

  • Network information: Network topology and diagrams, IP addresses, intrusion detection systems, firewalls, and access information
  • Infrastructure: Both hardware and software information is made available to the pentesters
  • Policies: This is really important because every pentester has to make sure that the pentesting methodology is aligned with the organization's policies
  • Current security state, including previous pentesting reports