The purpose of grey box testing is to look for vulnerabilities resulting from improper design or improper use of applications. The grey box test is a combination of white box and black box testing. With this method, we most often examine applications and networks about which the testers already have partial knowledge, together with access to certain elements of the operating system.
In the case of a web application scan, the grey box approach means that all user levels associated with the application are scanned. The system contains the amount of data (usually test data) needed for the test. With the knowledge of the operator of the examined application, we perform the work in a time window adapted to the operation and load of the site.
Injection attacks play an important role in the OWASP-based approach to the assessment, but we also examine inadequate authorization separation between the user levels. In this case, it may turn out that a malicious user has access to other users' orders, personal data, or even health or payment information. It is generally true that the vast majority of data loss incidents are caused by dissatisfied employees.
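As an added illustration of the authorization-separation check described above (this is not code from the page or from any particular tool), the following Python sketch exercises every test account at each user level against every order record and reports where the outcome disagrees with the intended policy; the users, roles and order data are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # constructed roles for the example: "customer" or "admin"


# Constructed test data standing in for the test accounts and records a
# grey box tester is given for each user level (all names hypothetical).
USERS = [User("alice", "customer"), User("bob", "customer"), User("carol", "admin")]
ORDERS = {101: "alice", 102: "bob"}  # order id -> owning customer


def policy_allows(user: User, order_id: int) -> bool:
    """Intended rule: admins may read every order, customers only their own."""
    return user.role == "admin" or ORDERS.get(order_id) == user.name


def get_order_vulnerable(user: User, order_id: int) -> str:
    """Checks only that a caller exists, never that the order belongs to them."""
    return ORDERS[order_id]


def get_order_hardened(user: User, order_id: int) -> str:
    """Enforces the ownership rule on every lookup (the corrected handler)."""
    if not policy_allows(user, order_id):
        raise PermissionError(f"{user.name} may not read order {order_id}")
    return ORDERS[order_id]


def authorization_findings(handler) -> list[tuple[str, int]]:
    """Try every (test user, order) pair and collect the pairs where the
    granted/denied outcome differs from what the policy says it should be."""
    findings = []
    for user in USERS:
        for order_id in ORDERS:
            try:
                handler(user, order_id)
                granted = True
            except PermissionError:
                granted = False
            if granted != policy_allows(user, order_id):
                findings.append((user.name, order_id))
    return findings


if __name__ == "__main__":
    print("vulnerable handler:", authorization_findings(get_order_vulnerable))
    print("hardened handler:  ", authorization_findings(get_order_hardened))
```

Each reported pair is one user level reading a record the policy reserves for another user, which is exactly the finding the test accounts at each level are meant to surface.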
In the case of network testing, the essence of the grey box method is to check the network elements designated for testing while in possession of sufficient information to use the system. Examples of such information are the structure of the network and the description of its subnets, the software in use, the authorization management system that has been set up, and the login details of the test users.
An important element of this assessment is also to check for privilege escalation between the authorization levels. The results of the test provide effective support to system operators. Interoperability of network segments can be a common problem here, and unauthorized data access on shared folders is a major concern as well.