Black box penetration is conducted from outside — the by a pentester — with zero preliminary knowledge of an infrastructure and/or applications. In BBP, pentesters pay attention to break into the perimeter defense of an infrastructure; in case of application testing, they focus on inputs entering into the software and outputs it generates. BBP is also known as dynamic application security testing (DAST)