Grey Box:Penetration testing encompasses the approaches above. Still, it is closer to black box testing. A customer partially shares information on their network, such as user login details or the network’s overview. In case of penetration testing of a web app, a testing engineer will try to discover potential entry points. Some of them are freely available (file download form, feedback form), some are for corporate users only (authentication form). The company may provide the testing engineer with a corporate account to move deeper into the network.