Penetration testing (aka pen testing) is a type of security testing that aims to uncover potential vulnerabilities in a system.
A pen test will not only report any found weaknesses but will actively try to exploit them through what is called ethical hacking.
Why do we need pen testing? Any attacker can interrupt or gain unauthorized access to a system if it is not well secured. A security risk may arise as a result of unintentional errors made during the development and implementation phases of software.
With penetration testing, we can:
- find weaknesses and risks that can lead to sensitive data leaks
- prevent phishing and cyber attacks
- maintain the trust of the users by protecting their sensitive information
- achieve compliance with standards and regulations
In this article, I’ll dive into the follow topics:
- Pen Testing Methodology
- 3 Main Approaches To Pen Testing
- What Are The Main Types Of Penetration Testing?
Pen Testing Methodology
Before penetration testing is done, the risks are identified with a vulnerability assessment. This means that the first thing to do is to identify the potential problematic areas (such as storing credentials), and then try to actively attack them.
Penetration testing should aim at any location of sensitive data, all the applications that store or interact with this data, all network connections, and all relevant access points. Pen tests try to exploit security vulnerabilities and weaknesses, attempting to penetrate the network and the applications.
The objective of pen testing is to determine if unauthorized access to critical systems or files can be done by malicious attackers. After these vulnerability scans are done, any found issues should be addressed and corrected.
3 Main Approaches To Pen Testing
Just like with all types and methods of testing, we can use different approaches to pen testing depending on the tester’s knowledge and access rights. The main approaches to pen testing include white-box, black-box, and gray-box testing.
1. White-box Penetration Testing
In white-box pen testing, the testers have full knowledge and full access to the system. This approach allows for in-depth testing and has the potential to discover more remote and harder-to-reach vulnerabilities.
2. Black-box Penetration Testing
Black-box penetration testing is a penetration testing approach where the tester has no knowledge of the inner workings of the system. A tester would design the pen tests as an uninformed cyber attacker.
This approach is the most similar to real-life scenarios, where hackers don’t have access to the actual source code of the application or the system that’s tested.
3. Gray-box Penetration Testing
Gray-box is the meeting point between white and black box testing. This means that the pen tester will have limited knowledge of the system.
Next, let’s dive into some of the different types of penetration tests.
What Are The Main Types Of Penetration Testing?
1. Web Application Penetration Testing
Website penetration testing is usually more targeted and more detailed than other types of pen tests. The main purpose is to find weaknesses and cybersecurity risks in websites and their components, such as their databases, source code, or the back-end network.
Web application pen testing is particularly important now when a great increase in cybercrime has been seen due to the Covid-19 pandemic.
Some of the common security weaknesses to look for as a penetration tester in a web app include:
- Unprotected access points
- Weak passwords
- SQL injection attacks
- Code injection
- Cross-site scripting
- Data breach
- Phishing attacks
2. Client-Side Penetration Testing
This is a type of testing that checks for local threats. These threats can come from any apps or programs that are running on the employees’ workstations—browsers, media players, open-source apps, presentation or content creation apps (think Microsoft PowerPoint).
Apart from third-party apps, internal programs and frameworks can also cause security threats, so make sure to include them in the tests.
3. Network Penetration Testing
This type of testing is one of the most commonly requested for pen testing. Its goal is to discover vulnerabilities in the network infrastructure.
Networks have both internal and external access points, which can make them vulnerable to attacks from cybercriminals. The two subcategories for network penetration testing are: internal network testing and external network testing.
Internal Network Pen Testing
This type of pen testing starts with the assumption that the hacker attacks are coming from inside the network. As a pen tester, you assume the role of a malicious person with a certain level of (more or less) legitimate access to the internal network.
This can mean, for example, analyzing the impact of confidential information unwillingly disclosed, altered, misused or destroyed.
External Network Pen Testing
In this case, the scenario being emulated is that the attack comes from outside the network. The testers will try to break into the system by exploiting vulnerabilities from outside which can allow access to internal data and systems.
Pen testing can focus on the following network security risks:
4. Social Engineering Testing
Social engineering is different from other testing types because it does not focus on technical aspects of the systems or applications. Instead, the focus shifts to the psychology of the users and employees, which can unintentionally compromise security.
There are two ways you can perform social engineering pen testing: remote or physical.
The remote social engineering testing is done through electronic means, such as phishing emails with the potential of containing malware. If the employees open the email, it may be a good idea for the company to start conducting security training sessions to prevent such actual attacks.
Physical security testing means actually talking to people and convincing them to disclose sensitive information.
I don’t know about you, but in the past years, three of the companies I worked for performed these types of tests. For example, we, as employees, received emails claiming that we won some prize from shopping websites or special discounts. The emails would prompt us to click a link or download a file. In normal circumstances, when the attack is real, and not simulated, the URL or attachments usually contain malware with the potential to infect the computers and steal personal or confidential data.
You’d be surprised how many people actually fall for these kinds of traps, especially when the email seems to come from a trusted source, such as Amazon.
Please keep in mind that whenever conducting such testing, the management should always be informed beforehand.
5. Physical Penetration Testing
Physical penetration testing goes beyond the digital aspects. To do this type of test, you will have to assess how easy it can be to gain physical access to a facility. This can be done by trying to bypass security controls, sensors, security cameras, or even trying to lock-pick the doors.
The benefits of physical testing are immediate—remediation to any found vulnerability can be applied as soon as the area that needs improvement has been identified.
6. Wireless Penetration Testing
Wireless network breaches are a real threat to a company’s security. The tests are conducted on all physical wireless devices, such as laptops, tablets, smartphones, etc. that are connected to the WiFi network.
Things to look for when doing wireless testing include, but are not limited to:
- encryption weaknesses
- vulnerabilities in wireless protocols, wireless access points, or admin credentials
- default or weak passwords
- unauthorized hotspots
- denial of Service (DoS) attacks
Pen testing is really important and comes with many benefits, but it’s not as easy to perform as other types of testing. If you want to practice your skills, you can take a look at OWASP’s demo app and get involved in some hacking challenges.
Enjoyed this article? There are many interesting QA-related topics you can find on The QA Lead, so be sure to subscribe to the newsletter!
Check These Out:
Related List of Tools: