concept | beginner | Reviewed May 18, 2026
Black-box testing
Assess the target like an external attacker with no credentials or source code.
When to use it
- First discovery runs.
- External attack surface review.
- Public exposure checks.
- Unauthenticated baseline scans.
Limitations
- Authenticated areas may remain untested.
- Business criticality may be unclear until users enrich discovered assets.
- The agent may need credentials or context for deeper follow-up work.
