types-of-penetration-testing

Types of Penetration Testing

1 Comment / CyberSecurity, ECSA / By

Penetration Testing

Types of Penetration testing, Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit. Penetration test (or “pen-testing”) exposes the gaps in the security model of an organization and helps organizations reach a balance between technical prowess and business functionality from the perspective of potential security breaches. This can help in disaster recovery and business continuity planning.

It simulates methods used by intruders to gain unauthorized access to an organization’s networked systems and then compromise them and involves using proprietary and open-source tools to conduct the test. Apart from automated techniques, penetration testing involves manual techniques for conducting targeted testing on specific systems to ensure that there are no security flaws that previously might have gone undetected. In the context of penetration testing, the tester is limited by resources; namely, time, skilled resources, and access to equipment as outlined in the penetration testing agreement.

Related Product:- EC-Council Security Analyst v10 | ECSA


A penetration test or pen test is an intentionally planned attack on a software or hardware system seeking to reveal the inherent security flaws which will violate system integrity and end up compromising user’s confidential data. During this post, we are discussing differing kinds of penetration tests so you recognize what to hide. You can also learn the related blog of ECSA v10 (EC-Council Security Analyst v10) for more knowledge.

Types of Penetration Testing is a part EC-Council Security Analyst(ECSA) training you learn the cyber security attacks and their impact.

Types of Penetration Testing

The types of penetration testing depend on the amount of information the pen-testing team is given about the organization, prior to the test. One can conduct any of the pen testing types either externally (conducted against Internet-facing hosts) or internally (conducted against hosts inside the organization’s internal network). If we want a complete test, then testing both externally and internally is a must. The three types of penetration testing are as follows

Black-box Testing (Zero-Knowledge Testing)

In order to simulate real world attacks, pen-testers can choose to undertake black-box testing (or zero knowledge testing, with no information or assistance from the client), and map the network while enumerating services, shared file systems, and operating systems discreetly. Additionally, the pen-tester can perform “war dialing” (scanning and dialing a list of phone numbers) to detect listening modems, and “war driving” (physically driving around an area to find wireless networks) to discover vulnerable access points, provided these activities are legal and within the scope of the project.

In black-box testing, the pen-testers have only the company name. The tester thereafter uses fingerprinting methods to acquire information about the inputs and the expected outputs but is not aware of the internal workings of a system. Testers carry out this test after extensive research of the target organization. Black-box testing simulates an external attacker. Designing test cases are difficult without clear and concise specifications, but it is done once the specifications are complete. This test simulates the process of a real hacker. Black-box testing (also known as “functional testing”) is time-consuming and expensive.

What Are two types of penetration testing?

Blind testing :- In the blind testing, the pen-tester has limited information or knows nothing about the target, but the target is informed of an audit scope (what, how, and when the pen-tester will be testing) prior to performing the test. Blind testing simulates the actions and procedures of a real hacker. The pen-testing team attempts to gather as much information as possible about the target organization from the Internet (company’s website, domain name registry, online discussion board, USENET, etc.) and other publicly accessible sources. Pen testers start audit of the target organization’s security based on the collected information. Tough, blind testing provides a lot of inside information (such as Internet access points, directly accessible networks, publicly available confidential /proprietary information, etc.) about the organization that may have been otherwise not known, but it is more time consuming and expensive, as a lot of effort is involved to research the target. Example: Certified Ethical hacking, war-gaming, etc.

Double-blind :- In double-blind testing (also known as ‘zero-knowledge testing”), neither the pen-tester knows about the target nor the target is informed of an audit scope (what, how, and when the pen-tester will test) prior to test execution. In other words, both parties are blind to the test. Most of the security assessments today are based on double-blind testing strategy, as it validates the presence of vulnerabilities that can be exploited and the ability of the target’s individuals, processes, and tools to recognize and react appropriately to the penetration attempts made. Example: Black-box auditing, penetration testing, etc.

White-Box Testing (Complete-Knowledge Testing)

The organization may give complete information about its network to the pen-testers if it wants to assess its security against a specific kind of attack or a specific target. The information provided can include network-topology documents, asset inventory, and valuation information.

Typically, an organization would opt for this when it wants a complete audit of its security. It is critical to note that despite all this, information security is an ongoing process and penetration testing gives a snapshot of the security posture of an organization at any given point in time. Security professionals may perform white-box testing with or without the knowledge of IT staff. The top management must approve the test if it does not involve the organization’s IT staff.

Also Read:- Top 10 Most Common Types of Cyber Attacks

Organizations generally provide the following information for white-box testing:

Company infrastructure:- This includes information related to the different departments of an organization. Penetration testers have the Information related to hardware, software, and controls in an organization.
Network type:- The network-type information could be regarding the organization’s LAN and the topology used to connect the systems. It could also be information regarding access to remote networks or the Internet.
Current security implementations:- Current security implementations are the various security measures adopted by an organization to safeguard vital information against any kind of damage or theft.
IP address firewall/IDS details:- This information includes details of the IP addresses
An organization uses, the firewalls used to protect data from unauthorized users, and other important technical details about the network. Organizations generally provide the firewall and IDS policies to the penetration tester.
Company policies:- An organization may provide business continuity and IT security
Policies to the pen testers, depending on the nature of the test. Security policies, legal policies, and labor policies can all be useful to the penetration tester.

Grey-Box Testing (Partial-Knowledge Testing)

grey-box testing combines the methodologies of both black-box and white-box testing. It is the most common approach to test the vulnerabilities that an attacker can find and exploit. In certain cases, organizations would prefer to provide the pen-testers with partial knowledge or information that hackers could find, such as the domain-name server. This information can also include an organization’s publicly perceived asset and vulnerabilities. The pen-testers may also interact with system and network administrators.

Grey-box pen testing provides a full system inspection, from both the developer’s and a malicious attacker’s perspectives. It is a simulation of a systematic attack by outside intruders or malicious insiders with limited access privileges, are two ways to perform the above mentioned penetration tests:

Announced Testing

Announced testing is an attempt to compromise systems on the client’s network with the full cooperation and knowledge of the IT staff. This type of testing examines the existing security infrastructure for possible vulnerabilities.
Announced penetration testing helps a penetration tester in the following ways:
• A penetration tester can easily acquire a complete overview of the infrastructure of The organization.
• A penetration tester may be given the kind of physical access provided to different employees in the organization.
• A penetration tester may get a clearer picture of measures applied to information and system security of the organization.

Questions related to this topic

  1. What does a penetration tester need to know?
  2. What is the difference between penetration testing and security testing?
  3. What is the best penetration testing certification?
  4. What is penetration testing with example?

Learn advanced security techniques by ECSA

Learn CEH & Think like hacker

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ

Leave a Comment