The IT Law Wiki
in: Definition, Testing, Cybersecurity

Glassbox test

Sign in to edit

Definition[]

A glassbox test is

one where the tester is made knowledgeable about how the box works. The tester can see into the box, understand the mechanisms, and, therefore, can more effectively design an attack that may be successful. This test more closely simulates an insider attack. The glassbox test is also better able to evaluate more controls at deeper layers of a firm's defense-in-depth model.[1]

References[]

  1. Report on Cybersecurity Practices, at 22.
Community content is available under CC-BY-SA unless otherwise noted.