What Are the Different Types of Penetration Testing?

Written by Coursera Staff

Learn more about penetration testing, including what it is, who performs penetration testing, and the various types.

The need to protect computer systems and the data they hold is an increasingly important topic. Cyberattacks are becoming more common as criminals attempt to access valuable information and disrupt businesses. Industries such as e-commerce, health care, and government are often targets of these attacks. However, nobody is immune to the threat of cyberattacks, with virtually all industries also at risk. One approach to protecting IT infrastructure and data against cyberattacks is through penetration testing—or pen testing for short. This strategy helps identify potential vulnerabilities before criminals do.

What is penetration testing?

Penetration testing is a method for preventing cyberattacks by performing a simulated attack, where the penetration tester attempts to find the vulnerabilities that attackers could potentially exploit. This allows the business or organization to understand exactly where they can improve their defensive measures to ensure their information and systems are safe. Another term for penetration testing is ethical hacking or white hat hacking. 

After finding a system's weaknesses, a penetration tester continues to further exploit the system like a hacker would if they were to gain access. By further pursuing the potential harm of an attack, you can learn more about how an attacker may work to get to your protected information, giving you more context to design a better, more specific plan of defense. This separates pen tests from a vulnerability scan, which solely identifies vulnerabilities.

Who performs a penetration test?

Penetration testers perform penetration tests. Penetration testers often come from outside the organization, so they come into the pen test without prior understanding of how the system they’re ethically attacking works, which can help them spot weaknesses the organization does not know about.

While many penetration testers have a formal education in areas such as cybersecurity or computer science, some pen testers are self-taught. Penetration testing requires several skills, including an understanding of computer networks and their components, the ability to code, and knowledge of security technologies. Additionally, you should have problem-solving and communication skills to be able to explain findings to those who may not have the same level of technical expertise.

Three approaches to performing a penetration test

You can typically classify penetration testing approaches into three categories: black box testing, white box testing, and gray box testing. 

Black box testing

In a black box test, the penetration tester comes into the test without prior information about the system they will hack. This helps to accurately simulate what would occur in a real-life cyber attack and is the best way to replicate the process.

White box testing

During a white box test, the pen tester instead has access to every piece of information relating to the system, including the architecture, credentials, and source code. This thorough approach helps ensure the penetration test covers all aspects of the system.

Gray box testing

Gray box testing helps simulate an attack in which the attacker has a basic understanding of the system and its various components. By giving the pen tester minimal information on certain areas, they can perform tests focused on those areas.

9 types of penetration testing

Several types of penetration testing exist, each helping address specific needs. Here’s a look at nine different penetration testing methods you can use.

1. Internal pen testing

Internal pen testing is a way to simulate an attack from the inside, where the attacker has a certain level of access already granted. This helps simulate situations such as an internal attack from an employee.

2. External pen testing

External tests occur from the outside, through areas such as the organization's servers or website. This highlights the threat of a cyber attack from an outside source and whether or not the system is accessible externally.

3. Blind pen testing

Blind pen tests are also known as closed box pen tests. In this scenario, the penetration tester knows nothing about the system they are attacking, just the name of the company and any other publicly accessible information.

4. Double-blind pen testing

The difference between a blind and a double-blind pen test is that, in a double-blind test, the employees or team members responsible for handling attacks are unaware that a test is happening. A benefit of double-blind pen testing is that it allows you to learn how the company will respond to a real attack.

5. Social engineering pen testing

Social engineering pen tests can include a physical attack on a building or infrastructure, such as getting past security guards, or can take place through email, a website, or other means. The strategy for this type of test is to attempt to trick employees into offering up information that would put the company at risk of an attack, potentially enabling access to its systems.

6. IoT pen testing

IoT pen tests seek to find security issues in connected IoT components such as servers, applications, software, and hardware. This can highlight several vulnerabilities, including unencrypted data and poor access control.

7. Network pen testing

During a network pen test, the attempted attack occurs through the network. The pen tester tries to gain access through areas such as servers, routers, and firewalls. Network pen tests can happen internally or externally.

8. Web application pen testing

Web-based applications are the target for this type of pen test, with the pen tester using information they find from operating systems and web servers. The pen tester can also attempt to access protected files containing passwords.

9. Physical pen testing

Rather than hacking a system externally, a physical pen test directly attacks the different components the tester can access. This can include locks, sensors, access cards, cameras, and alarms that are in place to provide security.

The five phases of a penetration test

Penetration testing generally follows a five-step process:

1. Reconnaissance: During this first stage, pen testers gather and receive information about the test in areas such as the operating system, source code, and network layout, as well as publicly available information.

2. Scanning and vulnerability assessment: This is where the pen tester begins observing the system to identify any potential weak areas to attack. Pen testers can use specific tools designed to aid in this discovery stage.

3. Exploitation: During the exploitation phase, the pen tester conducts the attack, looking for vulnerabilities and weaknesses to exploit. It’s essential that the attacker take precautions during this stage not to harm the system.

4. Reporting: Reporting and documenting the discoveries during the attack allows the organization to examine its procedures and systems, address any flaws, and make improvements.

5. Recommendations: Lastly, the penetration tester can help the organization develop strategies to prevent attacks, making recommendations based on the findings.

How often should penetration tests be performed?

How often an organization should perform penetration tests varies; however, the general recommendation is at least once yearly. Anytime infrastructure is added to a network, the system becomes increasingly vulnerable, so it’s best to perform penetration tests in these situations as well.

Getting started with Coursera

On Coursera, you can find highly rated courses to learn more about pen testing and cybersecurity. Penetration Testing, Incident Response and Forensics from IBM covers the various phases of the penetration testing process and can help you learn to gather data for penetration tests.

Assets, Threats, and Vulnerabilities from Google is another course in which you can learn more about identifying vulnerabilities and threats, classifying assets, and cryptography.
