Skip to main content

Types of Penetration Tests

 

Types Of Penetration Tests And Their Description

Depending on the scope of the testing, there are a number of different types of tests that might be performed. The differences in these tests lies chiefly in the amount of information the penetration testing team has prior to the rest itself.

External Testing

  • External Testing simulates an attack on a target company's servers and devices which are externally visible (visible from the internet). This type of test determines if an outside attacker can get into the network, and if so, how deeply into the system they can breach. An external penetration test attempts to break into domain name servers (DNS), web servers, email servers, and get through firewalls.

Internal Testing

  • Internal Testing simulates an attack from within an organization, carried out by an authorized user with some level of access privilege, such as an angry employee or someone acting as a "corporate spy." This test is from within the boundaries of the firewall, as is good for determining the security of intellectual property, customer lists and other business information that needs to stay on premises even when an employee leaves.

Targeted Testing

  • Targeted Testing, or "Lights On" testing, is a penetration test in which the pen test team works with the organization's IT personnel and has a full view of the network and all devices on it. A targeted test isn't real world in nature, but it does expose a deeper level of system flaws than blind or double blind testing.

Blind Testing

  • Blind Testing simulates a real world attack by limiting the amount of information the pen test team is given prior to the test. Hence, the pen test team has to perform reconnaissance on the target and then figure out attack vectors and methodologies. Blind Testing is typically expensive due to the time and effort must be spent on researching the organization to be tested.

Double-Blind Testing

  • Double-Blind Testing involves a pen test team attempting to breach an organization, and very few people at the organization are even aware that there is a penetration test being conducted. Double-Blind tests the ability of an organization to identify and respond to a threat.

Black Box Testing

  • Black Box testing is a Blind Test as applied to software application rather than a system.

White Box Testing

  • White Box Testing is similar to a Targeted Test, but again, as applied to a software application. The penetration testing team is given access to source code and other information regarding the application's structure and workings.


Share To Your Friends And Learn Together With Us

Comments

Popular posts from this blog

What is BLACK WINDOWS 10 V2 windows based penetration testing os,and what are its features.Download link inside

                         Black Windows 10 V2

Mechatronics notes btech. GATE Notes.