You’re considering conducting a formal penetration test to expose vulnerabilities within your system, but where do you start? After some quick research, you discover that there’s actually more than one type of penetration test, and suddenly you’re lost in a jungle of jargon, asking yourself some confusing questions:
“What’s the difference between external and internal pentesting? Which do you need? How does social engineering come into play? How is a physical pen test different from a wireless pen test? What’s the best option for you?”
Let’s explore the six main types of penetration testing and determine which are best for your business:
1. External Network Penetration Testing
This type of pentesting looks at your current wealth of publicly available information or your externally-facing assets. The assessment team tries to leverage vulnerabilities they found while screening your organization's public information, or attempts to gain access to data via external-facing assets, like company emails, cloud-based applications, and websites.
For instance, an external pentester may try to remotely breach your firewall or try to use public and private data gathered from leaked data breaches, OSINT, internally developed tools, credit bureaus, etc. to crack a password. These are the attack surfaces that a malicious hacker may try to exploit.
2. Internal Network Penetration Testing
On the flip side, some pentesters will also look for internal vulnerabilities. Under this simulation, a pentester assumes the role of a malicious “insider,” or an ill-intended employee with a certain level of legitimate access to the internal network.
These scenarios role-play what could happen should a rogue employee, contractor, or cybercriminal masquerading as a staff member attempt a hack from the inside. Pentesters look at the impact of confidential information being unwillingly disclosed, altered, misused or destroyed. Then, they use that data to recommend better controls over employees, such as enhancements to system access privileges, and to flag weaknesses such as improper patch management, little or no segmentation, vulnerable applications, and protocol abuse (LLMNR and NBT-NS).
3. Social Engineering Testing
This type of penetration testing assesses how susceptible your staff is to exposing confidential information. Social engineering involves an attempt to gain the trust of an employee, usually by tricking them into sharing private data or performing an action that exposes data to a masked malicious actor.
Phishing emails are a prime example of a social engineering ploy. A hacker may pose as a manager (using a very similar email address) and ask an employee to share a login or transfer money under a pretense of urgency. White hat penetration testers may try to trick your staff into sharing protected information to reveal the need for more in-depth employee security training and management.
4. Physical Penetration Testing
Not all attacks are digital in nature. Physical penetration testing simulates a physical breach of your security controls by an intruder. Assessors may pose as delivery personnel to attempt to gain access to your building, or quite literally break into your office to provide proof of real-life vulnerabilities.
This type of penetration testing looks far beyond just physical theft and also considers sneaky threat actors, like those who may plug a malware-injecting device like a USB Ninja Cable into a computer to tap into your network.
5. Wireless Penetration Testing
Some organizations are the victims of wireless security breaches. Anyone within the given vicinity of your wireless internet connection could “eavesdrop” on the wireless traffic flowing across your organization by exploiting a vulnerability in your network.
Unfortunately, tools for wireless hacking are now available in full-blown suites that offer simple “point and click” usability, so that even novice hackers can access data. A wireless pentest helps to ensure your WiFi and wireless devices/protocols are properly safeguarded.
6. Application Penetration Testing
This type of pentesting focuses on vulnerabilities within your applications: from their design and development to implementation and actual use. Assessors look for flaws in the apps’ security protocol, including missing patches or exploited holes in externally-facing web applications, applications that run on internal networks and the applications that run on end-user devices and remote systems.
Because hacking techniques and application updates evolve daily, it’s important to frequently test your apps for new vulnerabilities, and to understand that scanners alone just don’t cut it, as they usually only capture “the low hanging fruit” problems in software code.
The Red Teaming Strategy: A Holistic Approach to Pentesting
Red teaming is a term borrowed from the military, in which attackers (the red team) compete against defenders (the blue team). Savvy organizations hire external, independent assessors to play as Team Red, who stage a simulated attack on your systems and networks, using a combination of the six types of penetration testing above to strengthen your forces against actual adversaries.
Impressively, Kevin Mitnick and the Global Ghost Team maintain a 100% success record of exposing vulnerabilities during pentesting. In test after test, we prove that even the most well-protected organizations have holes in their defenses that need improvement. We don’t just think your system has weaknesses; we know it. Thankfully, we’re on your side and consider ourselves your partner in raising your organization's security posture.
Learn what your risks are and how to mitigate them by exploring our Penetration Testing Services today.