1 of 26 21-09-2021, 13:36
Firefox https://purplesec.us/types-penetration-testing/#Network
What Are The Different Types Of Penetration Testing?
In some cases, you may schedule penetration tests and inform staff in advance of
the exercise. However, this wouldn’t be applicable if you want to test how your
internal security team responds to a “live” threat.
For example, red team exercises are often performed without informing staff to test
real-world threat scenarios.
In this case, it’s important to inform the blue team lead, CISO, or upper-level
management of the exercise. This ensures the response scenario is still tested, but
with tighter control when/if the situation is escalated.
Regardless of the scenario you should conduct a penetration test with a specific
intent and clearly define your wants and needs with the penetration testing team.
A penetration test can determine if certain objectives of the program have been
achieved such as maintaining 99.99% availability during an attack, or ensuring data
loss prevention (DLP) systems are blocking would-be attackers from exfiltrating
data.
What Is The Primary Purpose Of Penetration Testing?
Penetration testing has become a widely adopted security practice by
organizations in recent years.
This is especially true for industries, such as banks or healthcare providers, that
store and access sensitive or private information.
On the other hand, a software company’s security goals may vary greatly.
For example, application penetration testing helps to identify flaws and
weaknesses within code that could be susceptible to an attack. Developers then
work to create fixes to update the codebase.
Ultimately, the business goals determine the types of penetration testing
performed, which we will cover shortly.
Reporting On Findings
This report should provide direction and guidance for reducing exposure to risk
while also providing actionable steps towards a resolution.
It’s important to mention that penetration testing reports are custom tailored to
meet a company’s cyber security needs based on:
When consulting with vendors, be sure to ask how they plan to present their
findings. The last thing you want is to pay a company $30,000 for a PDF document
with no explanation.
Penetration tests differ both in their approach and in the weaknesses they attempt
to exploit. The level of information provided to the pen tester will determine their
approach as well as the scope of the project.
• Black Box
• White Box
• Gray Box
Black Box Penetration Testing
During a black box penetration test (also known as external penetration testing) the
pen tester is given little to no information regarding the IT infrastructure of a
business.
The main benefit of this method of testing is to simulate a real-world cyber attack,
whereby the pen tester assumes the role of an uninformed attacker.
A black box penetration test can take up to six weeks to complete making it one of
the longest types of penetration tests. Businesses can expect to pay between
$10,000 – $25,000 due to the level of effort involved in planning, performing,
testing, and completing the report.
This method of testing is also referred to as the “trial and error” approach, however,
there is a high degree of technical skill involved in this process.
White box penetration testing (also called clear box testing, glass box testing, or
internal penetration testing) is when the pen tester has full knowledge and access
to the source code and environment.
The goal of a white box penetration test is to conduct an in-depth security audit of
a business’s systems and to provide the pen tester with as much detail as possible.
As a result, the tests are more thorough because the pen tester has access to areas
where a black box test cannot, such as quality of code and application design.
White box tests can take two to three weeks to complete and cost between $4,000
– $20,000.
In the end, it doesn’t matter whether you perform a black box or a white box
penetration test so long as the primary goal of the test is being met.
During a gray box penetration test, the pen tester has partial knowledge or access
to an internal network or web application.
A pen tester may begin with user privileges on a host and be told to escalate their
privileges to a domain admin. Or, they could be asked to get access to software
code and system architecture diagrams.
One main advantage of a gray box penetration test is that the reporting provides a
more focused and efficient assessment of your network’s security.
For instance, instead of spending time with the “trial and error” approach, pen
testers performing a gray box penetration test are able to review the network
diagrams to identify areas of greatest risk.
The different types of penetration testing include:
• Network Services
• Web Application
• Client Side
• Wireless
• Social Engineering
• Physical Penetration Testing
These goals could range from improving awareness of social engineering attacks to
employees company-wide, to implementing secure code development to identify
flaws in software code in real-time, or meeting regulatory or compliance
obligations.
The main purpose is to identify the most exposed vulnerabilities and security
weaknesses in the network infrastructure (servers, firewalls, switches, routers,
printers, workstations, and more) of an organization before they can be exploited.
• Router Attacks
• SSH Attacks
• Database Attacks
• Man In The Middle (MITM) Attacks
• FTP/SMTP Based Attacks
These types of tests are far more detailed and targeted and therefore are
considered to be a more complex test. In order to complete a successful test, the
endpoints of every web-based application that interacts with the user on a regular
basis must be identified.
This requires a fair amount of effort and time from planning to executing the test,
and finally compiling a useful report.
The techniques of web application penetration testing are continuously evolving
with time due to the increase in threats coming from web applications day by day.
This threat has expanded greatly since the outbreak of COVID-19, resulting in a 600%
increase in cybercrime.
Agile code deployment is the preferred method over large batch deployments, as
the more variables introduced into the code in a single deployment, the more
opportunities there are to create bugs or errors leading to security vulnerabilities.
As a result, technical debt forms, where developers gradually spend more time
implementing fixes to problems than they do developing new features or updates.
It’s not uncommon for enterprise software companies to employ pen testers to
continuously test their code. Google, as well as other tech giants, offer a reward for
finding and reporting on vulnerabilities within their applications.
Client-side tests are performed to identify specific cyber attacks including:
• Open Redirection
• Malware Infection
Wireless penetration tests are typically performed onsite as the pen tester needs to
be in range of the wireless signal to access it. Alternatively, a NUC and WiFi
Pineapple can be deployed onsite to remotely perform the test.
Why Should You Perform A Wireless Penetration Test?
Before performing a wireless penetration test you should consider the following:
• Have all access points been identified and how many use poor encryption methods?
• Is the data flowing in and out of the network encrypted and if so, how?
• Is there any possibility the IT team could have misconfigured or duplicated a wireless
network?
• What are the current measures in place to protect the wireless network?
persuade or trick users into giving them sensitive information, such as a username
and password.
• Phishing Attacks
• Vishing
• Smishing
• Tailgating
• Name Dropping
• Pre-texting
• Dumpster Diving
• Eavesdropping
• Gifts
Social engineering tests and awareness programs have proven to be one of the
most effective methods of mitigating an attack.
For example, KnowBe4, the popular email phishing platform, simulates an email
phishing attack. When the user clicks on the link they’re taken to a page that
informs them that it was a phishing test.
Remediation training is then provided to help educate and inform users on the most
current cyber attacks and how to avoid them.