The Most Common Types of Penetration Testing
- Posted by Gareth Keenan
- Categories Cyber Security
- Date 15/11/2023
Penetration testing, or ‘pen testing’, as it is often shortened to, gives your organisation the opportunity to identify and rectify vulnerabilities and security risks before cyber criminals can exploit them. This proactive approach allows you to significantly improve your organisation’s security posture and the resilience of its systems and infrastructure.
Internal Network Penetration Testing
When performing an internal network pen test, the tester attacks your network while assuming the role of a compromised employee or other ‘insider’ with a degree of legitimate access to the internal network. These tests allow the tester to discover the extent to which a rogue staff member (or malicious actor pretending to be one) could negatively impact the organisation. The outputs from this type of pen testing include recommendations for improvements to security controls such as patch management, system privileges, network segmentation and protection against vulnerable applications and protocols.
External Network Penetration Testing
External network pen tests involve the tester conducting a simulated attack on your network infrastructure from outside of your organisation, using vulnerabilities they find while examining your organisation’s public assets and information. They may also attempt to gain network access through external-facing assets, such as cloud-based applications, websites and services exposed by on-premise servers. A pen tester may, for example, try to crack a password using data gathered from leaked data breaches, internally developed tools, OSINT, etc., mimicking the approach a malicious hacker may take when trying to compromise your organisation’s systems and network.
Mobile Application Testing
Mobile application penetration testing is usually conducted in line with standards such as the OWASP Mobile Application Security Verification Standard and the OWASP Mobile Security Testing Guide. These tests allow the tester to uncover vulnerabilities and key security issues (such as privacy, data storage, authentication and network communications) within your mobile application and establish how a malicious user could misuse the application and disrupt its intended operations.
Web Application Testing
When conducting a web application pen test, the tester will assess the security of your custom applications and website, allowing them to identify any coding, design and development weaknesses that malicious hackers would be able to exploit. Although scanning is also a valuable means of identifying weaknesses, scans will generally only capture the ‘low hanging fruit’ issues with your software code; it’s important to clear up these vulnerabilities, as they are the first port of call for a malicious actor attempting to compromise your systems. However, in order to defend yourself against more experienced and skilled cyber criminals, it’s important to go beyond scanning by performing pen tests, as these will identify more complex problems.
Wireless Penetration Testing
A wireless pen test allows you to ensure that your Wi-Fi devices and protocols are completely protected from malicious actors. Wireless pen tests are conducted with the aim of uncovering vulnerabilities in wireless network configurations, encryption protocols, authentication mechanisms, or other security controls, which attackers could potentially take advantage of. To do this, your tester may employ a range of techniques, such as assessing whether hackers can connect to your organisation’s Wi-Fi, or verifying that guest networks are sufficiently segregated from corporate networks.
Social Engineering Testing
Unlike the other forms of pen testing mentioned above, social engineering penetration testing is an evaluation of your organisation’s security on a personnel level, assessing your colleagues’ susceptibility to social engineering attacks and, in turn, the effectiveness of your security training and awareness programme. To do this, a social engineering tester will try to manipulate employees, often using phishing emails, into providing them with access to sensitive information, systems, or physical locations belonging to the organisation. This will allow you to identify vulnerabilities in your human-based security defences, and follow up with appropriate measures to mitigate these risks, such as increased information security awareness training.
Physical Penetration Testing
Physical penetration testing, also known as physical security testing, focuses on assessing the robustness and resilience of your organisation’s physical security controls. The tester will pose as an individual trying to gain unauthorised access to your organisation’s premises to test the effectiveness of access controls (e.g. visitor management processes, ID card systems, etc.), surveillance systems, physical barriers, and other physical measures your organisation has implemented to prevent unauthorised personnel gaining access to a location.
Security and Configuration Review
A. Cloud security review
A cloud security review will allow you to identify weaknesses within the cloud environment (e.g. AWS, Azure, GCP and Microsoft 365) while also being cost-effective. The nature of cloud infrastructures means that a black-box infrastructure penetration test (a pen test in which the tester is provided with no information) is not, generally, the most efficient or effective method for identifying areas of weakness within a cloud environment. However, an authenticated review will provide you with more targeted recommendations, allowing you to evaluate and improve the security of your cloud environment more effectively.
B. Servers and workstation build security review
Build reviews, on the other hand, are a type of white-box assessment (a pen test in which the tester is provided with complete knowledge of and full access to the target), which are conducted with the aim of identifying vulnerabilities in the workstations and servers being used by an organisation. A build review can identify vulnerabilities such as security misconfigurations, patching issues and hardening opportunities, providing you with valuable recommendations to improve the security of your organisation’s workstations and servers. They play an essential role in allowing you to develop and maintain a strong cyber security posture.
C. Firewalls security review
A firewall security review will see the pen tester analyse the rules, patching and configuration of a firewall. By identifying weaknesses in the firewall, you will be able to ensure that the access control rules are aligned with the device’s business purpose.
Vulnerability Assessment
Also known as vulnerability scans, these automated assessments can provide a broad overview of security misconfigurations and weaknesses in your organisation’s internal or external network infrastructure. Due to the very limited human oversight they require, vulnerability scans are great for covering a larger number of systems and detecting common and new vulnerabilities within them. Despite this, they are generally less able to identify complex weaknesses or unique configurations. As such, vulnerability scans are most effective when used in conjunction with manual penetration tests.
How URM Can Help
If your organisation needs to conduct penetration testing as a compliance requirement, or would simply like to identify areas of weakness and improve its security posture, it is vital that it does so by enlisting the help of a trustworthy, experienced pen testing provider. We at URM provide a wide range of pen testing services, the quality and reliability of which are verified by our CREST and CREST OVS accreditation.