What type of penetration test is conducted when minimal information about the target organization is provided?

A black box penetration test is conducted with minimal to no prior knowledge about the target organization. In this approach, the testers are treated as external attackers, simulating the actions of a malicious entity trying to compromise the system without any internal insights or information. This method mimics real-world conditions where attackers do not have an inside perspective, thereby providing a thorough assessment of the organization's security posture.

By not providing the testers with detailed information about the network architecture, systems, or security policies, the organization can evaluate how effective their defenses are against unseen attackers and assess their readiness to respond to potential security breaches. This style of testing highlights vulnerabilities that could be exploited without insider knowledge, allowing for a more realistic evaluation of the security measures in place.