Black Box - White Box - Gray Box - what is the difference?

There are 3 types of penetration testing: White Box, Black Box, and Gray Box.

White Box penetration testing is done with the full knowledge of the IT department.  Usually in a white box scenario, the company or IT department will share information with the penetration testing team.  Network diagrams, IP addresses, system configurations, and access credentials are usually included in the information provided to a white box pen team.  This type of testing allows the testers to test the different roles of users and look for any vulnerabilities.

Black Box penetration testing is done without the information provided in a white box scenario.  A black box testing scenario most closely simulates an actual malicious hacking attack.  Black Box testing teams will use a variety of tools and methods to find weaknesses in a target system.

Gray Box penetration testing is a combination of white and black box testing.  A Gray Box testing team will be given some information about the targeted network, but not everything.


Three different approaches, but each works towards the same basic end: identifying vulnerabilities.
