Penetration testing – types and its categories
When penetrations testing is defined, its category with its type of penetration test is also be defined along with penetration testing. There are mainly three types of penetration testing can be taken place. There are a black box, white box, and a gray box.
Black box testing:
In the black box penetration testing, there is no information is provided with a specific target. In the network penetration, only IP range is provided that you want to test. While in case of web application penetration test, the source code is not provided. This is the main scenario that you will encounter while performing an external penetration test.
In white-box penetration testing, all the information is provided about the target. In the network penetration testing, information about the target is provided. While in case of web application penetration test the application source code is also specified. This will enable to perform the static or dynamic source code analysis. This type of scenario is very common in the internal and onsite penetration tests. Here organizations are considering about the leakage of information
Gray box Testing:
In Gray box testing, the information provided is partially and some of the information is hidden. In the case of a network penetration test, the organization provides the names of the application running behind the IP address. However, the exact version of service running is not specified. While in the case of web application penetration testing. Some extra information like test accounts, backend server and databases are fully provided.
Types of penetration testing
Penetration testing can be classified into two types. They are network penetration testing and social engineering penetration testing
Network penetration testing
In the network penetration testing, one can be testing a network environment for the security purpose like vulnerabilities and threats. This type of testing can be divided into two categories. They are external and internal penetration tests. External penetration: External penetration test involves in testing the IP addresses whereas in internal testing you are the part of the internal network and testing the network. one can also be provided vpn access to the network. Internal penetration testing: Internal penetration testing can be a part of the internal network and test the network.
Web application penetration test
Web application penetration test is very common nowadays. Web application hosts critical data such as credit card number, user name, and passwords. So, therefore, this type of penetration testing is very common in the penetration test
Mobile penetration test:
Mobile penetration testing is the newest type of penetration testing. It becomes very popular because every organization uses android and Ios based mobile applications to provide service to customers. So organization wants to make sure the mobile applications insecure enough for users to rely on providing personal information using such applications
Social engineering test
Social engineering test can be a part of penetration testing. Here the organization asks to attack the users and spread phishing attacks and browser exploits to trick a user into doing things they intend to do. You can also learn more on penetration testing through ceh certification training
Physical penetration test
A physical penetration test is rarely doing as a penetration tester. Here organization asks you to walk the organization building physically and test physical security controls such as locks and RFID mechanisms etc. these are the some of the important penetration testings. You can also study further on penetration testing through an ethical hacking online course