
Advanced Penetration Testing Glossary

Created by: Andrea Rebora, Teaching Assistant

1. Intrusive Vulnerability Scan – An intrusive scan tries to exploit a vulnerability rather
than only inferring it from version and configuration data. Intrusive scans are typically
much more accurate than non-intrusive scans, but they can crash or alter the target, so
they belong inside the agreed scope and testing window of the engagement.
2. Attack Surface – An attack surface is the sum of all the points where an attacker could
try to enter a system or extract data from it: every exposed service, interface, account
and input. Attack surfaces can be physical or digital, and a larger surface means more
places where a vulnerability can be exploited to carry out an attack.
3. Authenticated or Credentialed Vulnerability Scan – An authenticated or
credentialed vulnerability scan is vulnerability testing performed as a logged-in
(authenticated) user. Because the scanner queries the host directly (installed packages,
patch level, configuration) instead of probing its services blindly, a credentialed scan is
less disruptive than an unauthenticated scan and provides more detailed and more
accurate information.
4. Banner Grabbing – Banner grabbing is a technique used to capture the information
provided by banners: the text a network service sends when a client connects, or a
configurable welcome screen on a host, which often reveals the software name, version
and operating system. Testers use it to fingerprint services before choosing an attack,
which is why hardening usually includes trimming what banners reveal.
5. Black box test – In black-box testing, the penetration tester is placed in the role of
a typical external attacker, with no internal knowledge of the target system. Testers are
not provided with architecture diagrams, credentials or source code that is not publicly
available. A black-box penetration test determines the vulnerabilities in a system that are
exploitable from outside the network.
6. Common Vulnerabilities and Exposures (CVE) – Common Vulnerabilities and
Exposures (CVE) is a catalog of publicly disclosed security vulnerabilities, each with a
unique identifier of the form CVE-YYYY-NNNN (the year plus a sequence number of
four or more digits). The catalog is maintained by MITRE and sponsored by the
Cybersecurity and Infrastructure Security Agency (CISA) of the United States
Department of Homeland Security (DHS); its entries are divided into two categories,
vulnerabilities and exposures (items 7 and 19 below).
7. Exposure – An exposure is an error in software code or configuration that provides
an attacker with indirect access to a system or network. For instance, an exposure
may allow an attacker to secretly gather customer information that could be sold.
8. Grey box test – In grey-box testing, the penetration tester has the access and
knowledge level of a user, possibly one with elevated privileges on a system. Testers
typically have some knowledge of the network's internals, including design and
architecture documentation, and an account internal to the network.
9. Hardening – Hardening is the process of securing a system by reducing its attack
surface. The more functions a system performs, the larger its surface. Reducing the
available ways of attack includes changing default passwords, removing unnecessary
software and logins, and disabling or removing unnecessary services.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
10. Honeynet – A honeynet is a network built with deliberate vulnerabilities. Its purpose
is to invite attacks so that an attacker's activities and methods can be studied, and that
information used to increase network security. A honeynet contains one or more
honeypots. While the primary purpose of a honeynet is to gather information about
attackers' methods and motives, the decoy network can also divert attackers from a real
network and its resources.
11. Honeypot – A honeypot is a computer or computer system intended to mimic targets
of cyberattacks. It can be used to detect attacks or deflect them from a legitimate
target. It can also be used to gain information about how malicious actors operate.
12. Network scanner – A network scanner is a tool used to find and categorize devices
running on a network. The user gives the tool a range of IP addresses and the
scanner determines whether an active device is present at each address (host
discovery), typically by sending ICMP or TCP probes and watching for replies. One
of the best-known network scanners is Nmap, the Network Mapper, which also performs
port scanning and service version detection.
13. Non-Intrusive Vulnerability Scan – A non-intrusive scan tries not to cause any
harm to the target: it checks the remote service's version, whether vulnerable options
are enabled, and other available information, without exploiting anything. Because it
infers vulnerability from version strings and configuration, a non-intrusive scan cannot
determine for sure that an installed service is vulnerable; a vendor that backports a fix
without changing the reported version will still be flagged as vulnerable.
14. Penetration testing – Penetration testing is the practice of testing a computer
system, network, or web application to find security vulnerabilities that an attacker
could exploit. It can be automated with software tools or performed manually. The
process involves scoping the target, gathering information, identifying and exploiting
vulnerabilities, and reporting the findings with evidence and remediation advice.
15. Port number – A port number is a 16-bit number (0 to 65535) that, together with
the IP address and the transport protocol (TCP or UDP), identifies the application or
process on a host that is sending or receiving network traffic. Well-known services use
fixed numbers, such as 22 for SSH, 80 for HTTP and 443 for HTTPS.
16. Port scanner – A port scanner is used for determining which ports on a host are
open. Running a port scanner against a host or network reveals which ports are open
and listening (accepting connections) and which are closed; ports that neither accept
nor refuse a connection (filtered) reveal the presence of security devices such as
firewalls in the path.
17. The Common Vulnerability Scoring System (CVSS) – The Common Vulnerability
Scoring System (CVSS) captures the principal characteristics of a vulnerability and
produces a numerical score from 0.0 to 10.0 reflecting its severity. The Base metrics
describe the vulnerability itself (attack vector, attack complexity, privileges and user
interaction required, scope, and impact on confidentiality, integrity and availability);
Temporal and Environmental metrics can then adjust the score for exploit maturity and
for the deploying organization. The score maps to a qualitative rating (None, Low,
Medium, High, Critical) that helps organizations prioritize their vulnerability
management processes; it measures severity, not the risk to a specific asset.
18. Unauthenticated or Non-Credentialed Vulnerability Scan – An unauthenticated or
non-credentialed vulnerability scan is vulnerability testing performed without logging
in to the target. It sees only what an anonymous network attacker would see (open
ports, banners, exposed services) and is therefore less complete than a credentialed scan.
19. Vulnerability – A vulnerability is a mistake in software code that provides an attacker
with direct access to a system or network. For instance, a vulnerability may allow an
attacker to pose as a system administrator who has full access privileges.
20. Vulnerability Assessment – A vulnerability assessment is the process of defining,
identifying, classifying and prioritizing vulnerabilities in computer systems,
applications, and network infrastructures and providing the necessary knowledge,
awareness, and risk background to the organization being examined.
21. Vulnerability Scan – A vulnerability scan is the inspection of potential points of exploit
on a computer or network to identify possible vulnerabilities.
22. Vulnerability scanner – A vulnerability scanner detects and classifies system
weaknesses in computers, networks, and communications equipment and predicts the
effectiveness of countermeasures. The software compares details about the target
attack surface to a database of information about known security holes in services and
ports, anomalies in packet construction, and potential paths to exploitable programs
or scripts; when run in intrusive mode it may also attempt to exploit each vulnerability
it discovers in order to confirm the finding.
23. White box test – White box testing, also known as clear-box, open-box, auxiliary and
logic-driven testing, is a type of testing where testers are given full access to source
code, architecture documentation, and other critical information. Because of the
amount of data available to identify potential points of weakness, it is the most
time-consuming type of penetration testing, but also the most thorough.
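
Items 4, 12 and 16 describe banner grabbing, host discovery and port scanning in words. The following is an added example, written for this glossary rather than taken from it or from any of the cited sources, that implements a TCP connect scan and banner grab in Python. The three listeners it starts on 127.0.0.1, their banners (an OpenSSH string, a Postfix string and one silent service), and the FAKE_SERVICES and BANNER_PATTERNS names are constructed for the example and are assumptions, not real services. It also shows the edge case that passive fingerprinting has to cope with: a service that sends nothing until the client speaks first.

```python
import re
import socket
import threading

# Constructed banners standing in for real daemons (an assumption of this example).
# None models a service that waits for the client to speak first, as HTTP does.
FAKE_SERVICES = {
    "ssh": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix\r\n",
    "http": None,
}
# Fingerprint patterns for the banners above; real tools carry thousands of these.
BANNER_PATTERNS = [
    ("ssh", re.compile(r"^SSH-[\d.]+-(?P<product>\S+)")),
    ("smtp", re.compile(r"^220 \S+ (?:ESMTP|SMTP) (?P<product>\S+)")),
]


def start_fake_service(banner):
    """Listen on a free loopback port; returns (port, shutdown) for the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    srv.listen(8)
    srv.settimeout(0.2)         # so the accept loop can notice shutdown
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:     # listener closed
                return
            with conn:
                conn.settimeout(2.0)
                try:
                    if banner is None:
                        conn.recv(1)  # wait for the client to talk; it never does
                    else:
                        conn.sendall(banner)
                except OSError:
                    pass        # client already went away

    threading.Thread(target=serve, daemon=True).start()

    def shutdown():
        stop.set()
        srv.close()

    return srv.getsockname()[1], shutdown


def tcp_connect_scan(host, ports, timeout=0.5):
    """Connect scan: complete the TCP handshake on each port; open if it succeeds."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 = connected, otherwise an errno
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, max_bytes=1024):
    """Read whatever the service volunteers before the client sends anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(max_bytes).decode("utf-8", errors="replace").strip()
        except socket.timeout:
            return ""  # silent service: it needs a protocol-specific probe instead


def identify_service(banner):
    """Map a banner to (service, product); unknown banners are reported, not guessed."""
    for name, pattern in BANNER_PATTERNS:
        match = pattern.match(banner)
        if match:
            return name, match.group("product")
    return "unknown", ""


def scan_and_fingerprint(host, ports):
    """Port scan first, then banner-grab every open port. Returns {port: info}."""
    results = {}
    for port in tcp_connect_scan(host, ports):
        banner = grab_banner(host, port)
        service, product = identify_service(banner)
        results[port] = {"service": service, "product": product, "banner": banner}
    return results


def demo():
    """Start the fake services, then scan them plus one port known to be closed."""
    handles = {name: start_fake_service(b) for name, b in FAKE_SERVICES.items()}
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))  # reserve a free port and release it: nothing listens
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        results = scan_and_fingerprint(
            "127.0.0.1", [port for port, _ in handles.values()] + [closed_port])
    finally:
        for _, shutdown in handles.values():
            shutdown()
    return {name: port for name, (port, _) in handles.items()}, closed_port, results
```

Calling demo() returns the listening ports by name, the closed port and the scan results: the closed port is absent, the two talkative services are identified from their banners, and the silent one comes back as unknown with an empty banner, which is why real scanners follow a silent open port with protocol-specific probes (an HTTP request, a TLS ClientHello). A connect scan completes the handshake and so shows up in the target's application logs; Nmap's default SYN scan (-sS) avoids that by never finishing it. Scan only hosts you are authorized to test.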

References:
1. https://www.itprotoday.com/security/intrusive-vs-nonintrusive-scanning
2. https://whatis.techtarget.com/definition/attack-surface
3. https://www.tripwire.com/state-of-security/vulnerability-management/testing-scan-credentials-for-more-accurate-vulnerability-assessment/
4. https://whatis.techtarget.com/definition/banner-grabbing
5. https://resources.infosecinstitute.com/what-are-black-box-grey-box-and-white-box-penetration-testing/
6. https://cve.mitre.org/
7. https://www.gb-advisors.com/cyber-exposure-the-new-approach-in-digital-security/
8. https://securelayer7.net/grey-box-penetration-testing
9. https://www.techopedia.com/definition/24833/hardening
10. https://searchsecurity.techtarget.com/definition/honeynet
11. https://us.norton.com/internetsecurity-iot-what-is-a-honeypot.html
12. https://study.com/academy/lesson/what-is-a-network-scanner-definition-use.html
13. https://www.oreilly.com/library/view/security-power-tools/9780596009632/ch03.html
14. https://searchsecurity.techtarget.com/definition/penetration-testing
15. https://searchnetworking.techtarget.com/definition/port-number
16. https://www.techopedia.com/definition/13076/port-scanner
17. https://www.first.org/cvss/
18. https://docs.tenable.com/nessusagent/7_1/Content/TraditionalScansUncredentialed.htm
19. https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/
20. https://www.beyondtrust.com/resources/glossary/vulnerability-assessment
21. https://www.beyondtrust.com/resources/glossary/vulnerability-scanning
22. https://searchsoftwarequality.techtarget.com/definition/vulnerability-scanner
23. https://www.whitehatsec.com/glossary/content/white-box-testing
