Penetration testing, often shortened to pen testing, is a type of Cyber Security exercise that involves simulating an attack on a computer system to detect vulnerabilities that could be exploited by malicious hackers. Pen testing can involve all networks, devices, applications, physical security components, and even business processes, although a specific test may be more limited in scope. The final goal of penetration testing is to identify as many security weaknesses as possible so that an organization can make informed decisions towards its risk mitigation strategy.
This exercise is analogous to a bank running a simulated robbery. By having a security expert trying to rob the bank, the team can identify ways that it could improve its security including better implementation of locks, cameras, response protocols, and more. More often than not, it’s not a lack of tools, but a failure of implementation of security principles.
Types of Penetration Testing
Penetration testing can be categorized based on several things, including parameters and the target. The following are a few of the most important types you should know:
- Open-Box or White-Box Test: In this type of pen test, the offensive team has complete transparency on the target’s technology and Cyber Security. This can be considered more rigorous due to the testers researching potential vulnerabilities.
- Closed-Box or Black-Box Test: In this scenario, the offensive team is given no background information other than a basic description of the target. This is arguably more similar to a real-world scenario. It is sometimes referred to as a “single-blind” test.
- Gray-Box Test: This type of test is an intermediate option between the two mentioned above. The offensive team has partial information about the target.
- Covert Test: In this setup, the organization being tested is not aware that the penetration test is happening. Therefore, the IT and security professionals charged with responding to the attack will react exactly as they would during a malicious attack.
- External Test: During an external test, the penetration testers attempt their attack from outside of the company’s network. This is a simulation of a hacker who is outside of the organization.
- Internal Test: This type of test simulates what a disgruntled employee or another individual on the network may be able to do. The penetration testers begin their attack from the organization’s internal network.
Penetration tests may also be categorized by the target. For example, there are web applications, network security, physical security, and cloud security penetration tests. Pen tests may also be more general in scope, encouraging the testers to exploit any weaknesses they can find.
How a Penetration Test is Conducted
Typically, penetration testing is performed by external security contractors on behalf of an organization because few organizations are large enough to afford to maintain these positions on staff at all times. Before starting any test, the testing team will meet with their client to determine the scope of the assessment so it provides the most value to the client, while minimizing effects on business operations. The following are the five major steps of the penetration testing process:
- Information Gathering: During this phase, the testers research a wide variety of data about the target. They may use tools such as LinkedIn, client websites, WhoIs and more to find personnel information, server addresses, DNS information and more that may be useful.
- Footprinting and Scanning: In the next phase, the testers will deepen their understanding of the IT infrastructure and possible target vulnerabilities. This can involve penetration testing tools such as Nmap and FPing.
- Vulnerability Assessment: Using their research, the testers will compile a list of all possible vulnerabilities. This will help them to plan how they will attempt to attack the system.
- Exploitation: Once the plan is ready, the testers will execute it and test whether potential vulnerabilities are exploitable. This is a cyclical process that continues until all systems and services within the scope of the test have been exploited in all possible ways. This stage involves penetration testing tools such as Cobalt Strike, SQLMap, Hydra and John the Ripper.
- Reporting: Finally, the penetration testers compile a report based on their testing. The client can use this report to improve Cyber Security, physical security and other processes, procedures or technologies that the testers may have exploited.
Learn More About Penetration Testing and Cyber Security
Now that you know the basic answer to “what is penetration testing?” you may be interested in learning more. This is a fascinating area of Cyber Security that brings together creativity, technical know-how, and social intelligence. INE provides expert Cyber Security training including penetration testing and many other topics across the offensive-defensive spectrum