Penetration testing refers to the process of identifying the whereabouts of various weaknesses and flaws present in a computer system, network or web application that a cyberattacker can exploit.
This process involves gathering sufficient prior information about the target that needs to be tested, including possible entry points, whether virtual or real & reporting back the detailed findings.
A penetration testing can also be used to evaluate a organization’s security posture, as well as measure the compliance of its security policies & their effectiveness. Some of the major penetration testing strategies used
by security experts are:
- Targeted Testing: Is a joint testing process performed by an organization’s IT team and penetration testing team together. In this everyone has access to the test being carried out.
- Blind Testing: This testing method tries to mimic a real time attacker or hacker by intentionally limiting the system information given to them beforehand.
- Internal Testing: this mimics an inside attack by an authorized user with standard access privileges.
- External Testing: This testing mainly targets an organizations prominently visible servers or devices using domain name servers, web servers, email servers. With the objective to find our if an outsider can gain
access and then how far he can go once they’re inside the network.
- White Box testing: Under this type of testing, the tester is provided with various inside information about the organization’s security infrastructure such as internet Protocol addresses, network architecture and
source code among others.
- Black Box Testing: This is quite similar to Blind testing and the opposite of the White Box Testing. As the tester is given no prior information about the target before the test and must make its own way inside.