It is based on the systematic execution of procedures and test cases aimed at detecting the presence of known vulnerabilities. By just interacting with the perimeter (inputs and outputs) of the target system, the methodology usually does not require a particular knowledge of the running software (black box approach). The procedures can be partially automated under appropriate conditions, but, in general, they require supervision and often the direct intervention of an experienced penetration tester.
SOURCE: The future of Cybersecurity in Italy: Strategic focus areas Projects and Actions to better defend our country from cyber attacks Laboratorio Nazionale di Cybersecurity CINI - Consorzio Interuniversitario Nazionale per l’Informatica