Question

You might have heard people in the cybersecurity industry mention black-box and white-box testing. Black-box testing is testing the software from the outside in. Like a real-life attacker, these testers have little understanding of the application’s internal logic. In contrast, in gray-box testing , the tester has limited knowledge of the application’s internals. In a white-box review , the tester gets full access to the software’s source code and documentation.

你可能听过电脑安全行业的人提到黑盒和白盒测试。黑盒测试是从外部测试软件。像真正的攻击者一样，这些测试人员几乎不了解应用程序的内部逻辑。相比之下，灰盒测试，测试人员了解应用程序的部分内部逻辑。在白盒测试中，测试人员可以完全访问软件的源代码和文档。

Usually, bug bounty hunting is a black-box process, since you don’t have access to an application’s source code. But if you can identify the open source components of the application or find its source code, you can convert your hunting to a more advantageous gray-box or white-box test.

通常，漏洞赏金狩猎是一个黑盒过程，因为你无法访问应用程序的源代码。但如果你能识别应用程序的开源组件或找到其源代码，你就可以将你的狩猎转化为更具优势的灰盒或白盒测试。