Types of Penetration Testing

This type of network penetration testing focuses on the security of Internet-facing systems. The controls that guard technology such as websites, databases, web applications and File Transfer Protocol servers are what you may have heard of as an organization's "perimeter security." The goal of external network penetration testing is finding weaknesses in these controls as well as vulnerabilities in the systems themselves.

When pen testers probing the network from the exterior are not given detailed information nor access to source code prior to the assessments, this is considered a type of black-box penetration testing. Although throughout this writing it will be apparent that any pentesting engagement could also be of the white-box type, which gives initial access to source code, or gray-box type, which gives limited initial information. (These categories are beyond the scope of this post, as the criterion from which they arise is the information initially available, not the kind of system under assessment).

In contrast to the previous type of pentesting, this one simulates the ways an adversarial threat actor behaves after having gained access to the internal network. Importantly, these assessments can give insight into the ways an insider could intentionally or unintentionally expose the organization to risks.

Among the techniques ethical hackers may use in internal penetration testing are adversary-in-the-middle attacks (e.g., Link-Local Multicast Name Resolution (LLMNR) poisoning), stealing or forging Kerberos tickets, and IPv6 attacks.

Organizations can leverage pen testing to assess whether attackers can compromise their Wi-Fi and access their network. The search for vulnerabilities often involves assessing access points, wireless clients and wireless network protocols (e.g., Bluetooth, LoRa, Sigfox). Common findings are weaknesses in encryption and Wi-Fi Protected Access (WPA) key vulnerabilities. The techniques ethical hackers may use include brute force, compromising wireless devices and deploying rogue access points within the network.

The Internet of Things (IoT) is a system that involves the interaction of plenty of different conventional assets (e.g., cloud services, operating systems, applications) with the various smart devices connected to the same network. In this case, additional effort is required to control possible attack vectors. These are different from those of the traditional IT infrastructure, since compromising any of the devices or sensors in the IoT can mean compromising the whole IoT infrastructure. Pentesting is used to gain insight on how resistant the corporate IoT is against external adversarial threats.

In penetration testing, ethical hackers might do physical inspections of IoT devices additionally to their network reconnaissance. Moreover, they may conduct firmware analysis, including assessing third-party libraries and encryption and obfuscation techniques. Therefore, penetration tests are useful to find issues such as out-of-date firmware misconfigurations and insecure protocols and communication channels.

As phones become ever so present in organizations to fulfill business operations, the security of the apps downloaded to them is a necessity. Penetration testing is used to find complex security issues, like business logic, deployment configuration and injection flaws in apps running on operating systems such as Android, iOS and Windows UI. Such manual work in combination with automation (vulnerability scanning) increases the accuracy of the security assessments, yielding low rates of false positives and false negatives.

A broad definition of "information system" includes people. Indeed, humans collect, process, store and distribute information vital to the operations of organizations. In view of this, cybersecurity is interested in people as actors who can prevent cyberattacks. Penetration testing enters this scenario as an approach to assess organizations' resistance to attacks through its personnel.