Black box testing
Black box testing is the most extensive type of pentesting because the tester does not receive any information about the systems or IP addresses used. This requires a tremendous footprinting effort, for example, employees of the customer must be lured via phishing emails on websites to find out the client’s IP address. This method is prohibited by law in Germany, as it usually involves checking various systems that do not belong to the client.