A penetration test simulates the actions of a hacker in a cyber attack against your computer systems in order to find exploitable vulnerabilities. Insights gained from the penetration test can then be used to enhance the computer systems or software in scope. This guide discusses 7 major types of penetration testing, categorized by the type of scope covered.
Check out Black Belt Security's top of the line offensive security services. Reach out to us with any questions.
Network penetration testing is one of the most common types in the industry. The goal of a network pentest is to discover security vulnerabilities and gaps in the network infrastructure being tested.
Network penetration testing is commonly divided into internal and external subcategories. The former gauges what an attacker with access to internal networks could achieve, while the latter is typically used to test perimeter defenses. Attack scenarios for internal pentesting, if defined, can include compromised remote employee machines with VPN access to internal networks, malicious insiders, breached perimeter defenses, or other similar vectors.
Network pentesting generally includes various techniques such as:
- Testing firewall configuration and bypass, including tests for bypassing egress and ingress rules
- Enumeration of the network
- IPS/IDS Evasion Attacks
- Router attacks
- SSH attacks
- Attacks against databases
- DNS level attacks
- Attacks against file sharing systems such as FTP and SMTP
- MitM attacks
- Other application layer & lower layer protocol security testing
Unlike network penetration testing, which covers all application layer protocols, web application pentesting focuses mostly on the HTTP/HTTPS protocols. Some pentesting vendors, such as Black Belt Security, also offer to include backend components such as databases in scope, even though these typically use other protocols and require a broader skillset.
When testing web interfaces, ethical hackers include testing for vulnerabilities such as these:
- SQL injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Broken authentication and/or authorization
- Strength of supported TLS ciphers and protocols
- Improper disclosure of secrets
- XML External Entity (XXE) Processing
- Vulnerable software components
- Remote code execution (RCE)
Host and embedded device penetration testing focuses on testing the security of a single host or device, be it a router, a smart watch, or a host in an organization's internal network. IoT devices are commonly included in this category. This type of penetration testing borrows skills from network penetration testing, as the network listeners (services) present on the device are assessed for security. If the host includes a web interface, it is also commonly tested. However, unlike network and web application penetration testing, device pentesting can also include techniques such as the following:
- Local privilege escalation
- Analysis of outbound connections from the device
- Host hardening checks
- Firmware security testing
Penetration testing of thin and thick clients is used to discover vulnerabilities or security weaknesses in client-side applications. Unlike in host penetration testing, the operating system and firmware are typically kept out of scope for this type of testing. The software tested may include email clients, web browsers, standalone executables, and other client-side programs.
With mobile devices prevalent in today's world, mobile application penetration testing has gained popularity. This type of testing leverages techniques such as:
- Network communication analysis;
- Resource handling analysis;
- Reverse engineering;
- Secure data handling analysis.
Social engineering testing attempts to ascertain an organization's level of readiness against social engineering attacks such as phishing and vishing. Instead of focusing on software and firmware, social engineering testing focuses on people and processes.
Physical penetration testing evaluates an organization's defenses against physical threats such as a robbery or other physical intrusion. This type of testing simulates threat scenarios where a bad actor attempts to compromise a business's physical barriers to gain access to infrastructure, buildings, systems, and/or employees.