There is a range of alternatives that you can consider when deciding on the kind of assessment that best suits your goals. Keep in mind, of course, that these broad categories are not set in stone, and that it may suit you to undertake an assessment which includes elements of each of the categories described below.
Uninformed or blind assessments are assessments for which the assessor has no information about the target of assessment, other than (in most cases) its location. Blind assessments are somewhat limited because they are generally conducted within a fixed time frame. An uninformed assessor may not discover all vulnerabilities within that fixed time frame, whereas an attacker with more time on their hands may well find them at a later date.
Some clients prefer blind assessments because they require little preparation and have the appearance of being done from the perspective of an Internet-based attacker. This is fine, but it is worth keeping in mind that just because an uninformed assessor does not find a vulnerability in n days, that does not mean that a real attacker will not discover it in n+1 days.
Informed assessments are assessments for which the assessor understands the details of the target of assessment. The assessor will generally begin an informed assessment by reviewing design, policy, and/or as-built implementation documentation. In addition, the assessor will generally have access to the target; the access may be privileged (root, admin, etc.) or unprivileged (for example, a general user of a web application). The exact amount and kinds of information, accounts and other resources that can be used during an informed assessment will depend upon the scope and aims of the assessment (remember we noted above that many clients have specific goals and requirements).
Informed assessments may offer better value for money than uninformed assessments, since the reconnaissance and vulnerability discovery phases of the assessment should be much more effective and efficient than is the case in an uninformed assessment. This is because the assessor can spend time reviewing the correctness and completeness of design and implementation documentation, and clarifying details with the client.
Fit for purpose
Assessments which include elements from the above two core groups include source-code assessment (perhaps the most informed assessment of all), audits (where policy and procedural documentation are compared to the actual implementation), and others. Each client has their own goals and requirements. The key to a successful assessment is early agreement on, and documentation of, the scope, cost, goals, methodology and desired outcomes.