Black box: Network access without NAC access, and nothing else, external attacker POV

Grey box: Employee who doesn’t work in the IT department.

White box: Full access to all systems, configs, build documents etc. source code if web apps are in scope

Other types of assessments:

• Security Audits
• Bug Bounties
• Red Team
• Purple Team

Vulnerability Assessment

Methodology

Adapted from: https://purplesec.us/wp-content/uploads/2019/07/8-steps-to-performing-a-network-vulnerability-assessment-infographic.png

Assessment Standards