
What are the Categories of Penetration Test?

When the scope of the penetration test is defined, the category/type of the penetration test engagement is also defined along with it. The entire penetration test can be Black Box, White Box, or Gray Box depending upon what the organization wants to test and how it wants the security paradigm to be tested.

Black Box
A black box penetration test is where little or no information is provided about the specified target. In the case of a network penetration test this means that the target’s DMZ, target operating system, server version, etc., will not be provided; the only thing that will be provided is the IP ranges that you would test. In the case of a web application penetration test, the source code of the web application will not be provided. This is a very common scenario that you will encounter when performing an external penetration test.

White Box
A white box penetration test is where almost all the information about the target is provided. In the case of a network penetration test, information on the application running, the corresponding versions, operating system, etc., are provided. In the case of a web application penetration test the application’s source code is provided, enabling us to perform the static/dynamic “source code analysis.” This scenario is very common in internal/onsite penetration tests, since organizations are concerned about leakage of information.

Gray Box
In a gray box test, some information is provided and some hidden. In the case of a network penetration test, the organization provides the names of the application running behind an IP; however, it doesn’t disclose the exact version of the services running. In the case of a web application penetration test, some extra information, such as test accounts, back end server, and databases, is provided.
Types of Penetration Tests
There are several types of penetration tests; however, the following are the ones most commonly performed:
Network Penetration Test
In a network penetration test, you would be testing a network environment for potential security vulnerabilities and threats. This test is divided into two categories: external and internal penetration tests.
An external penetration test would involve testing the public IP addresses, whereas in an internal test, you can become part of an internal network and test that network. You may be provided VPN access to the network or would have to physically go to the work environment for the penetration test, depending upon the engagement rules that were defined prior to conducting the test.
Web Application Penetration Test
A web application penetration test is very common nowadays, since your application hosts critical data such as credit card numbers, usernames, and passwords; therefore this type of penetration test has become more common than the network penetration test.
Mobile Application Penetration Test
The mobile application penetration test is the newest type of penetration test that has become common since almost every organization uses Android- and iOS-based mobile applications to provide services to its customers. Therefore, organizations want to make sure that their mobile applications are secure enough for users to rely on when providing personal information when using such applications.
Social Engineering Penetration Test
A social engineering penetration test can be part of a network penetration test. In a social engineering penetration test the organization may ask you to attack its users. This is where you use spear phishing attacks and browser exploits to trick a user into doing things they did not intend to do.
Physical Penetration Test
A physical penetration test is what you would rarely be doing in your career as a penetration tester. In a physical penetration test, you would be asked to walk into the organization’s building physically and test physical security controls such as locks and RFID mechanisms.
Report Writing
In any penetration test, the report is the most crucial part. Writing a good report is key to successful penetration testing. The following are the key factors to a good report:
1. Your report should be simple, clear, and understandable.
2. Presentation of the report is also important. Headers, footers, appropriate fonts, well-spaced margins, etc., should be created/selected properly and with great care. For example, if you are using a red font for the heading, every heading in the document should be in that style.
3. The report should be well organized.
