7 Key Types of Penetration Testing Explained

In our last couple of blogs, we explained what penetration testing is and the benefits of choosing a CREST accredited partner for penetration testing. If your organization has decided to conduct a penetration test, great!

But an important question at the start is what type of test is required. With the increase in technology and methods of hacking, there has also been an increase in penetration tests. This article lists and explains the main types of penetration tests.

External Penetration Testing - During this penetration test, the hacker/tester targets the external aspects of the company, like the website and external servers. Usually, the hacker is not allowed onto the premises of the company and conducts the hack from a remote location.

Internal Penetration Testing - During this penetration test, the hacker/tester targets the company from within the company’s internal networks. Internal penetration testing is done to learn what vulnerabilities could be exploited by someone who already has access behind the firewall, i.e. within the company.

Wireless Penetration Testing - During this penetration test, the hacker/tester targets the Wireless Local Area Network (WLAN) of the organization, as well as other wireless protocols including Bluetooth, Z-Wave and Zigbee. To identify the scope of the engagement, testers may need to know the number of wireless and guest networks, locations and unique SSIDs to be assessed.

Web Application Penetration Testing - During this penetration test, the hacker/tester conducts an assessment of websites and custom applications delivered over the web, looking to uncover vulnerabilities such as coding, design and development flaws that could be maliciously exploited during a cyber attack. To scope a test, information such as the number of apps that need testing, as well as the number of static pages, dynamic pages and input fields, needs to be provided for assessment.

Mobile Application Penetration Testing - The testing of mobile applications on operating systems including Android and iOS to identify authentication, authorisation, data leakage and session handling issues. To scope a test, providers will need to know the operating system types and versions the app should be tested on, the number of API calls and any requirements for jailbreaking and root detection.

SCADA Penetration Testing - SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system used to monitor and control industrial and infrastructure processes, as well as critical machinery. Penetration testing of a SCADA system helps identify vulnerabilities that can be manipulated by malicious actors.

Cloud Penetration Testing - Cloud Penetration Testing is an authorised simulated cyber-attack against a system that is hosted on a Cloud provider, e.g. Amazon's AWS or Microsoft's Azure. The main goal of a cloud penetration test is to find the weaknesses and strengths of a system, so that its security posture can be accurately assessed.

Looking to identify the vulnerabilities in your cybersecurity setup? StickmanCyber's penetration testing services bring in CREST ANZ registered testers to comb through your systems, identify possible gaps, and prepare a comprehensive list of action items to mitigate risks.

Ready to proactively take charge of your cybersecurity? Book a penetration test today!
