This blog post Emil Kylander Edwartz contain what white box penetration testing is, how to get started and how to build a methodology for it.