What are pen tests?
Imagine having your organization being hacked without the negative consequences, bad press – data losses. Pen tests are a technique to identify vulnerabilities in the infrastructure of an organization. These vulnerabilities can be leveraged by an intruder to gain access to data or damage the reputation of an organization. There are four main areas of pen testing: external, internal, web applications and wireless.
There are three main different approaches to performing a pen test. The most common ones are
- Black Box Testing
- White Box Testing
- Gray Box Testing
Black box testing
Using a Black-Box Approach, our team will only have access to publicly accessible information about the target environment. This type of test aims to simulate the real-world scenario of external attackers targeting and attempting to compromise your organisation’s systems.
White box testing
Our team will assume full knowledge of the system that will be attacked. The goal of a white box pen test is to simulate an insider who has knowledge of and access to basic credentials for the target system.
Gray box testing
A mix of black- and and white pen tests. We assume some knowledge about the because the attacker we have in mind has access for a longer period of time already.
Web Application penetration testing categorizes exploitable susceptibilities in software and applications before any hacker discovers and exploits them. It reveals vulnerabilities that allow unauthorized access to critical and sensitive data.
With perimeter pen tests the team will go to your organisation’s location and physically test the guest and corporate wifi networks for vulnerabilities that can be exploited.
What is the difference with red teaming?
The boundaries between pen testing and red teaming are blurred. A principle to distinct the two is based on exploitation: a pen tester will see and identify all options that can be done; a red teamer will decide on a path of attack and actually exploit vulnerabilities as well to gain access. This has an increased risk for the target system depending on the type of exploitation. This can be mitigated by avoiding buffer overflow attacks for example.
Do you want to learn more? Contact us!