It is a type of test that allows a higher level of access and more internal information than the black box test. Relatively, a black box tester is trying to infiltrate the system and steps in from an external point of view, while the gray-box tester has low-level credentials, application logic, some internal accesses and information already given. The important point here is that a user access information is never given to the gray box tester. The tester is taken to a room in the institution (meeting room, etc.) where there is a WiFi or Network cable but a high level of security is received. Here, the tester tries to infiltrate the system horizontally and vertically, with the information he obtains in both cable and WiFi environment. In the meantime, user information can be obtained. With the user information obtained, applications, servers, active network devices and databases can be entered into systems.