A penetration test can be broken down into several phases, which vary by organization and by whether the test is internal or external:
- Agreement phase
- Planning and reconnaissance
- Gaining access
- Maintaining access
- Evidence collection and report generation
Why are penetration tests important?
A penetration test gives security teams real experience of dealing with an intrusion. Because it can be conducted without informing staff, it lets management check whether security policies are genuinely effective in practice – much like a fire drill.
Testing often reveals gaps in a security policy. For example, many policies focus heavily on preventing and detecting an attack but neglect how to evict an attacker; a test might show that, although attacks were detected, security personnel could not remove the attacker quickly enough to prevent damage.
Penetration testers think like real-world attackers and try to get in by any means possible, which can surface major vulnerabilities your security or development team never considered. The resulting reports help you prioritize future security investment, and can be used in training – when developers see how an attacker broke in, they are far more motivated to avoid similar mistakes.
Types of penetration testing – by knowledge of the target
Black Box
When the tester has no knowledge of the target, it is a black-box penetration test. This takes more time, and the tester relies heavily on automated tools to find vulnerabilities and weak spots.
White Box
When the tester is given complete knowledge of the target – IP addresses, controls in place, code samples, operating system details, and so on – it is a white-box penetration test. It requires less time than black-box testing.
Grey Box
When the tester has partial information about the target – such as some URLs or IP addresses, but not complete knowledge or access – it is a grey-box penetration test.
Types of penetration testing – by position of the tester
- External – conducted from outside the network
- Internal – simulates an attacker who is already inside the network
- Targeted – performed by the organization’s IT team and the penetration testing team working together
- Blind – the tester is given no prior information except the organization’s name
- Double-blind – at most one or two people in the organization know a test is being conducted
Types of penetration testing – by where it is performed
Network Penetration Testing
Network penetration testing aims to discover weaknesses and vulnerabilities in the organization’s network infrastructure. It includes firewall configuration and bypass testing, stateful analysis testing, DNS attacks, and more. Software and services commonly examined include:
- Secure Shell (SSH)
- SQL Server
- MySQL
- Simple Mail Transfer Protocol (SMTP)
- File Transfer Protocol (FTP)
Application Penetration Testing
In application penetration testing, the tester checks for security vulnerabilities or weaknesses in web-based applications. Core components such as ActiveX, Silverlight, Java applets, and APIs are all examined, so this type of testing can be time-intensive.
Wireless Penetration Testing
Wireless penetration testing covers all the wireless devices used in an organization – tablets, notebooks, smartphones, and so on – and spots vulnerabilities in wireless access points, admin credentials, and wireless protocols.
Social Engineering
Social engineering testing attempts to obtain confidential or sensitive information by deliberately deceiving an employee. There are two subsets:
- Remote testing – tricking an employee into revealing sensitive information by electronic means.
- Physical testing – using physical means to gather sensitive information.
Client-Side Penetration Testing
Client-side penetration testing identifies security issues in software running on users’ workstations. The goal is to find and exploit vulnerabilities in client-side programs such as web browsers, content-creation software, and media players.
For more information about VAPT and the role IAS can play in your security efforts, feel free to contact us, or visit our VAPT Certification frequently asked questions page.