Penetration Testing Overview
What is a Penetration Tester?
A Penetration Test is an organized, targeted, and authorized attack that tests a business/company's infrastructure, employees, and other technologies to determine security vulnerabilities. A penetration test uses real world techniques that malicious actors use to find vulnerabilities before those actors compromise the business's infrastructure.
External vs. Internal Penetration Test
External Pentest
The penetration test is performed external from the company's network. This tests the external network perimeter's security and is more realistic to how a malicious user would gain access. Certain pentests may also be purposely "noisy" to test the company's blue team.
Internal Pentest
The penetration test is performed from within the company's internal network. This stage may occur after a successful external pentest, or you may start from within the company's network.
Types of Pentests
Type | Information Provided |
---|---|
|
|
|
|
|
|
| May include physical testing and social engineering, among other things. Can be combined with any of the above types. |
| It can be combined with any of the above types. However, it focuses on working closely with the defenders. |
Last updated