Security testing with or without prior knowledge?

Security tests are executed either with (white-box/grey-box) or without (black-box) foreknowledge. Web Security Scan advises its customers to conduct security tests with prior knowledge (white-box/grey-box), i.e. login accounts, access to the database or IP-ranges. The advantage is that security researchers have a more complete picture of the web application and/or IT-infrastructure, and are able to zoom-in on specific matters deeper and quicker, resulting in more complete and accurate findings within the available time.

Security tests without foreknowledge (black-box) simulates a real life hacking situation. However, it will take up more time to scrutinize the test object, at the expense of available time for investigating other parts that are in scope.