How much information does RedTeam Pentesting need from us?

The type and extent of necessary information vary depending on the requested type of penetration test. Different terminologies are used for this purpose, the definitions of which are unfortunately not standardised and thus may be understood differently. Often mentioned are closed box and open box tests (formerly black box and white box). RedTeam Pentesting’s understanding of these terms can be found in this FAQ.

RedTeam Pentesting typically recommends providing information that is relevant to the planned penetration test. Pentests conducted as closed box tests potentially suffer from the issue that unintended third parties could be inadvertently involved without their consent. Additionally, providing technical details before the test allows for a quicker and more efficient discovery of vulnerabilities relevant to a company’s security. It should always be assumed that real, serious attackers may have already obtained or can obtain the necessary information with sufficient lead time. The specific information required for conducting an efficient penetration test is individually coordinated in a preliminary meeting.