What are the types of penetration tests?
- White box pen test: Ethical hackers are provided with background and system information, such as employee emails, operating systems, security policies or source code. This type of security testing could be said to mimic insider threats.
- Black box pen test: Security professionals are provided with basic or no information beyond the target’s name. This means the pen testers only have access to information they can gather through vulnerability scanning, OPSEC failures, social engineering and external security posture analysis. This mimics outside attackers attempting to gain access to your organization.
- Grey box pen test: A combination of a white box and black box test, where limited knowledge of the target is shared with the pen tester. This type of security testing can help determine which systems are vulnerable to attackers who are able to gain initial access to your internal network.
- Covert/double-blind pen test: Very few people know a pen test is happening; even the IT and security teams who will be responding to the attack are not told.
- External pen test: This is when an ethical hacker targets a company’s external-facing technology, such as their website and external network servers. These types of pen tests are generally conducted from a remote location.
- Internal pen test: This test is performed from within the company’s internal network and is useful for determining how much damage could be done by an insider behind the company’s firewall.
- Targeted pen test: The penetration tester and security team work together, informing each other of the steps taken to attack the target and to defend against the attack. This serves as a training exercise that provides real-time feedback.