conceptintermediateReviewed May 18, 2026
Gray-box testing
Use credentials, tokens, headers, or sessions for authenticated assessment.
What you provide
- Login credentials.
- Bearer tokens.
- Custom headers.
- Cookie sessions.
- Notes about allowed use and host applicability.
Best for
- Authenticated web apps.
- API authorization testing.
- Role boundary testing.
- Customer portal and admin surface review.