What type of penetration testing gives the tester administrative access?

The type of penetration testing that provides the tester with administrative access is white box testing. In white box testing, the tester has complete knowledge of the system architecture, source code, and internal workings. This level of access allows them to conduct thorough assessments of security vulnerabilities, as they can evaluate all layers of the application, including how different components interact and any potential weaknesses in the underlying code.

This contrasts with other forms of penetration testing. For instance, black box testing involves simulated attacks without any prior knowledge of the system, limiting the tester's ability to identify vulnerabilities that require insider knowledge. Grey box testing is a hybrid approach, where the tester has partial knowledge, often resembling the access level of authenticated users, but not necessarily full administrative rights. Red team exercises typically simulate real-world attacks from an external adversary, emphasizing the adversarial perspective rather than administrative access to the system.

In summary, the key aspect of white box testing is the comprehensive level of access and information it provides, enabling a more in-depth security evaluation.