
7 Types of Penetration Testing to Zero in on Vulnerabilities

A penetration test simulates the actions of an attacker against your computer systems in order to find exploitable vulnerabilities. Insights gained from the test can then be used to harden the systems or software in scope. This guide discusses 7 major types of penetration testing, categorized by the scope they cover.

Network Penetration Test

This type of penetration test is one of the most common in the industry. The goal of a network pentest is to discover security vulnerabilities and gaps in the network infrastructure being tested.

Network penetration testing is commonly divided into internal and external subcategories. The former gauges what an attacker who already has a foothold on the internal network could achieve; the latter is typically used to test perimeter defenses. Attack scenarios for an internal pentest, if defined, include a compromised remote employee machine with VPN access to internal networks, a malicious insider, breached perimeter defenses, or similar vectors.

Network pentesting generally includes various techniques such as:

– Firewall configuration testing and bypass, including tests for evading egress and ingress rules;

– Enumeration of the network

– IPS/IDS Evasion Attacks

– Router attacks

– SSH attacks

– Attacks against databases

– DNS level attacks

– Attacks against file transfer and mail services such as FTP and SMTP

– MitM attacks

– Other application layer & lower layer protocol security testing
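Network enumeration, the second item in the list above, usually starts with a TCP connect scan followed by banner grabbing to guess which service answers on each open port. The script below is an added example written for this article, not tooling from the original post or from any vendor: it starts two throwaway listeners on 127.0.0.1 that greet clients the way an SSH or FTP daemon would (the banner strings and ephemeral ports are constructed for the example), then scans them alongside a port known to be closed and reports what it found. Against a real target you would pass the host and a port list to `scan()` instead of calling `demo()`.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, List, Optional, Tuple

# Service greetings mimicking what real daemons send on connect.
# Constructed for the example; the listeners use ephemeral ports, not 22/21.
FAKE_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_8.9p1\r\n",
    "ftp": b"220 Welcome to the constructed FTP service\r\n",
}


def start_fake_service(banner: bytes) -> Tuple[socket.socket, int]:
    """Start a throwaway TCP listener on 127.0.0.1 that greets every client
    with `banner`, standing in for a real daemon during the example."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """TCP connect probe for one port.

    Returns the banner (possibly empty) if the port is open, or None if the
    connection was refused or timed out (closed or filtered)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256)
            except socket.timeout:      # open, but the service waits for the client to speak first
                return b""
    except OSError:                     # ECONNREFUSED, connect timeout, unreachable, ...
        return None


def fingerprint(banner: bytes) -> str:
    """Crude banner-based service guess, the first step of enumeration."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"220 "):
        return "ftp-or-smtp"            # both greet with a 220 code; further dialogue tells them apart
    return "unknown" if banner else "open-silent"


def scan(host: str, ports: List[int], workers: int = 32) -> Dict[int, str]:
    """Concurrent connect scan; maps each open port to a service guess."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p)), ports))
    return {p: fingerprint(b) for p, b in results if b is not None}


def reserve_closed_port() -> int:
    """Bind and immediately release a port so the scan has a known closed one."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Dict[int, str]:
    """Spin up the two fake services, scan them plus a closed port, return the findings."""
    ssh_srv, ssh_port = start_fake_service(FAKE_BANNERS["ssh"])
    ftp_srv, ftp_port = start_fake_service(FAKE_BANNERS["ftp"])
    closed = reserve_closed_port()
    try:
        return scan("127.0.0.1", [ssh_port, ftp_port, closed])
    finally:
        ssh_srv.close()
        ftp_srv.close()


if __name__ == "__main__":
    for port, service in sorted(demo().items()):
        print(f"127.0.0.1:{port} open -> {service}")
```

The probe deliberately treats a refused connection and a timeout the same way (both return None); on a real engagement you would keep them apart, since a timeout usually means a firewall is dropping the packet rather than the port being closed, which is exactly the information the ingress-rule tests in the list are after.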

Web Application Penetration Test

Unlike network penetration testing, which covers the whole range of application-layer protocols, web application pentesting focuses mainly on HTTP/HTTPS. Some pentesting vendors, such as Black Belt Security, also include backend components such as databases in the scope, even though these typically speak other protocols and require a broader skill set.

When testing web interfaces, ethical hackers test for vulnerabilities such as:

– SQL injection

– Cross-site scripting (XSS)

– Cross-site request forgery (CSRF)

– Broken authentication and/or authorization

– Strength of supported TLS ciphers and protocols

– Improper disclosure of secrets

– XML External Entity (XXE) Processing

– Vulnerable software components

– Remote code execution (RCE)
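SQL injection, the first item in the list above, is easiest to understand with the vulnerable query next to its hardened form. The snippet below is an added example for this article, not code from the original post or from any vendor; it uses Python's built-in sqlite3 module with a constructed in-memory users table (the usernames, passwords and roles are made up, and passwords are stored in clear only to keep the example short). `login_vulnerable` pastes user input into the SQL text, so two classic login-form probes, a comment-out payload and a tautology, both return the admin role without knowing a password; `login_safe` binds the same inputs as parameters and refuses both.

```python
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows.
    Clear-text passwords are for brevity only; real applications store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Deliberately vulnerable: user input is concatenated into the SQL text,
    so quotes in the input change the structure of the query."""
    query = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Hardened: the query shape is fixed and the input travels as bound
    parameters, so a quote in the input is just data."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic probes a tester sends to a login form (constructed inputs).
# "alice'--" closes the string and comments out the password check:
#   ... WHERE username = 'alice'--' AND password = 'wrong'
COMMENT_OUT = ("alice'--", "wrong")
# "' OR '1'='1" in both fields makes the WHERE clause true for every row,
# so the first row (alice, admin) comes back:
#   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
TAUTOLOGY = ("' OR '1'='1", "' OR '1'='1")

if __name__ == "__main__":
    db = make_db()
    for label, (user, pw) in [("comment-out", COMMENT_OUT), ("tautology", TAUTOLOGY)]:
        print(f"{label:12s} vulnerable -> {login_vulnerable(db, user, pw)!r:8} "
              f"safe -> {login_safe(db, user, pw)!r}")
```

Note that `sqlite3`'s `execute()` runs only a single statement, so stacked-query payloads (`'; DROP TABLE users;--`) fail here even in the vulnerable version; against database drivers that allow multiple statements per call, the same concatenation bug is considerably worse.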

Host & Embedded Device Penetration Test

Host and embedded device penetration testing focuses on the security of a single host or device, be it a router, a smart watch, or a host on an organization's internal network. IoT devices are commonly included in this category. This type of testing borrows skills from network penetration testing, as the listening services on the device are assessed for security; if the host exposes a web interface, that is commonly tested as well. Unlike network and web application penetration testing, however, device pentesting can also include techniques such as the following:

– Local privilege escalation

– Analysis of outbound connections made by the device

– Host hardening checks

– Firmware security testing
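Host hardening checks and firmware security testing, the last two items above, often boil down to walking an extracted filesystem (a mounted disk image or the root unpacked from a firmware blob) and flagging what an attacker with a local shell would look for first. The script below is an added example for this article, not tooling from the original post or from any vendor. It flags setuid/setgid binaries and world-writable files, and parses `etc/shadow` for accounts with no password or with legacy DES/MD5 crypt hashes. Because it has to run offline, `build_sample_root()` fabricates a small filesystem tree in a temporary directory (file names, contents and the shadow entries are constructed for the example); point `audit()` at a real extracted root instead.

```python
import os
import stat
import tempfile
from typing import List, Tuple

Finding = Tuple[str, str]   # (path relative to the root, issue)


def check_permissions(root: str) -> List[Finding]:
    """Walk an extracted filesystem and flag setuid/setgid binaries and
    world-writable regular files."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # lstat: never follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if st.st_mode & stat.S_ISUID:
                findings.append((rel, "setuid"))
            if st.st_mode & stat.S_ISGID:
                findings.append((rel, "setgid"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)


def check_shadow(root: str) -> List[Finding]:
    """Flag shadow entries with an empty password field (login without a
    password) or with legacy hash formats. Fields: name:hash:lastchg:..."""
    shadow = os.path.join(root, "etc", "shadow")
    findings: List[Finding] = []
    if not os.path.isfile(shadow):
        return findings
    with open(shadow, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.rstrip("\n").split(":")
            if len(parts) < 2:
                continue
            user, hashed = parts[0], parts[1]
            where = f"etc/shadow:{user}"
            if hashed == "":
                findings.append((where, "empty password"))
            elif hashed[0] in "*!":
                continue                   # locked account, nothing to report
            elif hashed.startswith("$1$"):
                findings.append((where, "md5-crypt hash"))
            elif "$" not in hashed:
                findings.append((where, "des-crypt hash"))   # 13-char traditional crypt
    return findings


def audit(root: str) -> List[Finding]:
    """All hardening findings for one extracted root."""
    return check_permissions(root) + check_shadow(root)


def build_sample_root() -> str:
    """Fabricate a tiny extracted firmware root in a temp dir (constructed data)."""
    root = tempfile.mkdtemp(prefix="fw-root-")
    for d in ("bin", "etc", "tmp", "usr/sbin"):
        os.makedirs(os.path.join(root, d))

    def write(rel: str, content: str, mode: int) -> None:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)

    write("bin/busybox", "#!/bin/sh\n", 0o4755)       # setuid: classic privilege-escalation target
    write("usr/sbin/httpd", "#!/bin/sh\n", 0o755)      # ordinary binary, should not be flagged
    write("tmp/config.json", "{}\n", 0o666)            # world-writable config
    write("etc/shadow",
          "root::19000:0:99999:7:::\n"                 # no password at all
          "admin:$1$ab$xyzxyzxyzxyzxyzxyzxy:19000:0:99999:7:::\n"   # md5-crypt
          "svc:*:19000:0:99999:7:::\n",                 # locked, fine
          0o600)
    return root


if __name__ == "__main__":
    for path, issue in audit(build_sample_root()):
        print(f"{issue:16s} {path}")
```

The setuid check only reports the bit; whether a given setuid binary is actually exploitable (for example, a BusyBox applet that spawns a shell) is the next step of the local privilege escalation item in the list.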

Thin and Thick Client Penetration Test

Penetration testing of thin and thick clients is used to discover vulnerabilities or security weaknesses in client-side applications. Unlike in host penetration testing, the operating system and firmware are typically kept out of scope. The software tested can be any client program, such as an email client, a web browser, a standalone executable, or similar.

Mobile Application Penetration Test

With mobile devices prevalent in today’s world, mobile application penetration testing has gained popularity. This type of testing leverages techniques such as:

– Network communication analysis;

– Resource handling analysis;

– Reverse engineering;

– Secure data handling analysis.

Social Engineering

Social engineering testing attempts to ascertain an organization's level of readiness against social engineering attacks such as phishing and vishing. Instead of focusing on software and firmware, it focuses on people and processes.

Physical Penetration Test

Physical penetration testing evaluates an organization's defenses against physical threats such as burglary or other physical intrusion. This type of testing simulates scenarios in which a bad actor attempts to defeat a business's physical barriers to gain access to infrastructure, buildings, systems, and/or employees.

Learn More

To learn more about different types of pen testing check out our Ultimate Guide to the Different Types of Penetration Testing here.
