When assessing vulnerability, we follow a methodology – also used when assessing general technological systems – which is wider and more comprehensive than traditional ethical hacking. Apart from the snapshot-like assessment, it also examines the system from a security viewpoint, all the while requiring less documentation form the client compared to traditional system assessment. The guarantees provided by this methodology are, however, much better than those of a traditional ethical hacking inspection.
There are several different approaches regarding vulnerability assessment, which might be employed independently or in a combined manner. Black box testing simulates external, uninformed attacks. Grey box texting simulates internal attacks committed by general insider users in possession of a limited range of information. Finally, white box testing analyses the possibilities that a privileged insider having access to complete information would possess if he were to attack.