Know about the types of Penetration Testing

Penetration testing is an activity that involves in-depth analysis of website or network to uncover hidden vulnerabilities. A penetration tester actually performs the exploit to create a proof-of concept for the weakness and opposed to vulnerability assessment that limits itself to scanning resources to identify vulnerabilities.

Across the Globe, Penetration Testing is considered illegal if not authorized by the host organization.

Types of Penetration Testing

  • White Box / Full knowledge test:The penetration testing team has as much knowledge as possible about the systems to be evaluated. This penetration test simulates the possible attacks that might be mounted by a person with knowledge about the victim, eg employees, vendors etc.
  • Gray Box / Partial knowledge test: The testing personnel will be provided with some information that is related to the specific type of information vulnerability that is desired.  This knowledge is usually constrained to detailed design documents and architecture diagrams. It is a combination of Black Box Testing method and White Box Testing method.
  • Black Box / Zero knowledge test: The testing team is provided with no specific information and begins the testing by gathering information on its own initiative. Information gathering activities like reconnaissance and social engineering are some ways of collecting information. This type of test closely links with the hacker’s methodology.

Find Cyber Security Vulnerability Assessment and Penetration Testing (VAPT) Interview Questions with Answers here

The testing approach chosen depends on a number of factors, including time available for the assessment, knowledge and access to internal application resources and the identified goals of the test.

Typically the type of penetration test is chosen based on the following:

  1. Tests intended to broadly approximate the short-term efforts of targeted attackers with limited resources and knowledge can be conducted using black box methodologies.
  2. Tests intended to reflect longer-term efforts by attackers who have more significant resources like design documents, used technology, algorithms and architecture diagrams; gray box tests can help to reflect on the knowledge that attackers need about application internals to expend the full amount of resources that would be available to attackers.
  3. Teams that need to make the most detailed and insightful future recommendations about applications within a limited amount of time should use white or clear box testing.
0 0 vote
Article Rating

Related posts

Subscribe
Notify of
guest
1 Comment
Inline Feedbacks
View all comments
trackback

[…] off-the-shelf tools available the time for vulnerability discovery is slowly converging.  Know the type of VAPT is best for your environment and secure your website today.VAPT is an extremely significant […]