Types of Penetration Tests
There are several types of penetration tests; however, the following are the ones most commonly
performed:
Network Penetration Test
In a network penetration test, you would be testing a network environment for potential security
vulnerabilities and threats. This test is divided into two categories: external and internal
penetration tests.
An external penetration test would involve testing the public IP addresses, whereas in an
internal test, you can become part of an internal network and test that network. You may be provided
VPN access to the network or would have to physically go to the work environment for the
penetration test depending upon the engagement rules that were defined prior to conducting the test.
Web Application Penetration Test
A web application penetration test is very common nowadays, since your application hosts critical
data such as credit card numbers, usernames, and passwords; therefore, this type of penetration test
has become more common than the network penetration test.
Mobile Application Penetration Test
The mobile application penetration test is the newest type of penetration test. It has become
common since almost every organization uses Android- and iOS-based mobile applications to
provide services to its customers. Therefore, organizations want to make sure that their mobile
applications are secure enough for users to rely on when providing personal information through
such applications.
Social Engineering Penetration Test
A social engineering penetration test can be part of a network penetration test. In a social
engineering penetration test, the organization may ask you to attack its users. This is where you use
spear phishing attacks and browser exploits to trick a user into doing things they did not intend
to do.
Physical Penetration Test
A physical penetration test is something you would rarely do in your career as a penetration tester.
In a physical penetration test, you would be asked to walk into the organization's building
physically and test physical security controls such as locks and RFID mechanisms.