What Is Penetration Testing?
Penetration testing (pentesting) is a cybersecurity technique organizations use to identify and remediate security vulnerabilities. Organizations hire ethical hackers to imitate the tactics and behaviors of real external attackers, which makes it possible to evaluate whether their computer systems, networks, or web applications could be compromised.
Organizations also use penetration testing to ensure compliance—some compliance standards and regulations require a penetration test to prove that the organization’s systems are secure.
In this article we’ll review the following penetration testing types:
1. Network Penetration Testing
2. Web Application Penetration Testing
3. Wireless Penetration Testing
4. Physical Penetration Testing
5. Social Engineering Penetration Testing
6. Client-Side Penetration Testing
7. IoT Penetration Testing
8. Mobile App Penetration Testing
9. Red Team Penetration Testing
1. Network Penetration Testing
Network penetration testing finds and exploits the most exposed vulnerabilities in network infrastructure such as servers, firewalls, and switches. This type of testing can help protect your business from common network-based attacks, such as:
- Firewall misconfiguration and firewall bypass
- IPS/IDS evasion
- Router attacks
- DNS-level attacks
- Zone transfer attacks
- Switching or routing-based attacks
- SSH attacks
- Proxy server attacks
- Attacks on unnecessary open ports
- Database attacks
- Man-in-the-middle (MitM) attacks
- FTP/SMTP-based attacks
2. Web Application Penetration Testing
Web application penetration testing is used to find vulnerabilities in web-based applications. It uses a three-step process:
- Reconnaissance—discovering information about the web servers, operating systems, services, resources, and other components used by the web application.
- Discovery—finding vulnerabilities in the web application and planning the attack vectors to be used in the penetration test.
- Attack—exploiting a vulnerability to gain unauthorized access to the application or its data.
Penetration testing of web applications can identify security vulnerabilities in databases, source code, and backend networks of web-based applications. It can not only identify vulnerabilities but also help prioritize them and provide solutions to mitigate them.
3. Wireless Penetration Testing
Wireless communications are services that allow data to move in and out of networks and must be protected from unauthorized access and data exfiltration. Wireless penetration testing is used to identify risks associated with wireless networks and evaluate weaknesses such as:
- Deauthentication attacks
- Misconfiguration of wireless routers
- Session reuse
- Unauthorized wireless devices
4. Physical Penetration Testing
If a threat actor has physical access to a server room or other sensitive facility, they can potentially compromise the entire network, which can have devastating effects on business, customers, and partnerships. Physical penetration testing can help secure an organization’s physical assets from threats such as social engineering, tailgating, and badge cloning.
Physical penetration testing finds weaknesses in physical controls such as locks, doors, cameras, or sensors, and allows the organization to quickly remediate defects.
5. Social Engineering Penetration Testing
When it comes to security, users are often considered the weakest link of the security chain, and they are a common target for attackers. Social engineering penetration testing focuses on the people and processes in the organization and the security vulnerabilities associated with them. It is performed by ethical hackers who attempt the social engineering attacks commonly experienced in the workplace, such as phishing, USB dropping, and spoofing.
The goal is to identify vulnerable individuals, groups, or processes, and to develop pathways for improving security awareness.
6. Client-Side Penetration Testing
Client-side penetration testing can uncover security vulnerabilities in software running on client computers, such as web browsers, media players, and content creation software packages (such as MadCap Flare, Adobe FrameMaker, or Adobe RoboHelp). Attackers often compromise client-side software to gain access to company infrastructure.
Perform client-side testing to identify specific client-side attacks, such as:
- Cross-site scripting attacks (XSS)
- Clickjacking attacks
- Cross-origin resource sharing (CORS) misconfiguration
- Form hijacking
- HTML injection
- Open redirection
- Malware infection
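Several of the client-side weaknesses listed above (clickjacking, CORS misconfiguration, open redirection) can be spotted from the defender's side by inspecting HTTP response headers and redirect targets. The following is an added example written for this article, not code from the original page or from any product it mentions; the sample responses are constructed, and the function names and the allow-lists are illustrative assumptions.

```python
from urllib.parse import urlparse

# Constructed sample responses for the example (not real captures):
# one hardened application response and one with weak settings.
SAMPLE_RESPONSES = {
    "hardened": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "Access-Control-Allow-Origin": "https://app.example.com",
    },
    "weak": {
        # No framing protection, and the request's Origin is reflected
        # back together with credentials: a classic CORS misconfiguration.
        "Access-Control-Allow-Origin": "https://other.example",
        "Access-Control-Allow-Credentials": "true",
    },
}


def audit_headers(headers, request_origin, trusted_origins):
    """Return findings for clickjacking and CORS weaknesses visible in a response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").upper()
    # Framing is controlled only by the frame-ancestors directive or X-Frame-Options.
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("clickjacking: no frame-ancestors directive or X-Frame-Options")
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    # Reflecting an untrusted Origin while allowing credentials lets that
    # origin read authenticated responses.
    if acao == request_origin and creds and request_origin not in trusted_origins:
        findings.append("cors: untrusted origin reflected with credentials")
    return findings


def is_safe_redirect(target, allowed_hosts):
    """Open-redirect check: allow local paths or absolute URLs on an allow-listed host."""
    if "\\" in target:  # browsers may treat a backslash as a slash
        return False
    parsed = urlparse(target)
    if not parsed.scheme and not parsed.netloc:
        # Relative path; reject protocol-relative "//host" forms.
        return target.startswith("/") and not target.startswith("//")
    return parsed.scheme in ("http", "https") and parsed.hostname in allowed_hosts
```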
7. IoT Penetration Testing
IoT penetration testing looks for security vulnerabilities in connected ecosystems, including vulnerabilities in hardware, embedded software, communication protocols, servers, and web and mobile applications related to IoT devices.
The types of tests conducted on hardware, firmware, and communication protocol depend on the connected device. For example, some devices may require data dumping through electronic components, firmware analysis, or signal capture and analysis.
8. Mobile App Penetration Testing
Mobile application penetration testing is performed on mobile applications (excluding mobile APIs and servers), including both static and dynamic analysis:
- Static analysis extracts source code and metadata and performs reverse engineering to identify weaknesses in application code.
- Dynamic analysis finds application vulnerabilities while the application is running on a device or server.
9. Red Team Penetration Testing
Red team penetration testing is an advanced testing technique based on military training exercises. It uses an adversarial approach, allowing organizations to challenge their security policies, processes, and plans. Blue teaming, or “defensive security,” involves detecting and withstanding red team attacks and real-life adversaries.
Red teaming combines physical, digital, and social contexts to simulate a comprehensive real-life attack scenario, making it distinct from standard penetration testing. It encompasses tasks related to the various types of penetration testing. While a standard pentest aims to identify as many vulnerabilities as possible in a set timeframe, it is typically limited by artificial restrictions such as the task scope.
Regular penetration tests are important, but they don’t provide realistic conditions, such as combined attack techniques. Red teaming allows security teams to assess the overall environment and understand how its components function together. It requires critical thinking to identify new, complex vulnerabilities.
Red team assessments are generally more time-consuming than standard penetration tests, often taking several months to complete. This complex nature makes red teaming a rare operation, viable only for large organizations.
Complementing Penetration Testing with Dynamic Application Security Testing (DAST)
Bright Security significantly improves the application security pen-testing process. By providing a no-false-positive, AI-powered DAST solution, purpose-built for modern development environments, the pen-testing process can be automated and vulnerabilities can be found faster and at a lower cost. Moreover, integrating Bright Security into DevOps environments enables you to run DAST scans as part of your CI/CD flows to identify a broad set of known (7,000+ payloads) security vulnerabilities early in the development process.
In addition to detecting technical vulnerabilities, Bright Security’s unique ability to detect business logic vulnerabilities offers broader coverage and detection than any other automated solution.
