Types of Penetration Testing

29 December 2021

A penetration test exposes exploitable vulnerabilities and mitigates the risk of individuals or groups gaining unauthorised access to systems.

It is best to conduct regular penetration tests on your infrastructure and applications as part of your security regime.

There are many different pen tests available. These include:

  • External Testing
  • Internal Testing
  • Web Application Testing
  • Wireless Testing
  • Remote Access and VPN Testing
  • CHECK Testing
  • Device Testing
  • Firewall Review
  • Build and Configuration Reviews
  • Vulnerability Assessments and Automated Scanning
  • Social Engineering
  • Cyber Essentials

For 25 years, Sapphire’s pen testers have been delivering successful testing and vulnerability analysis services for organisations across the UK.

This blog post will provide an overview of each penetration test type and its benefits.

External Network Penetration Testing

There are a variety of routes whereby a bad actor can gain unauthorised access to an organisation’s systems. They include telephony solutions, modems, ISDN and DSL, to name a few. These systems are used for various business purposes, including support for remote and home working by staff, dedicated connections with organisation partners and suppliers, and access to public networks (e.g. Internet) and third-party networks.

When deciding on the scope of an external penetration test, the organisation needs to consider what external communication routes and services the organisation believes could be breached intentionally or accidentally. For this reason, an organisation may decide on one or several types of penetration testing below to expose vulnerabilities and bolster their defences.

Firewall Configuration Testing: a test to assess whether the configuration rules are deployed at internal network or external (Internet) boundaries. A firewall configuration review helps to build and maintain confidence in the security of your organisation’s perimeter security controls.

Internet Vulnerability Scanning: this test scans the customer’s Internet connection to determine what services and associated vulnerabilities may be exposed to cyberattacks from the outside world, providing insight and intelligence around the organisation’s exposure.

Perimeter Network Testing: this extends remote testing by checking for vulnerabilities that may only be visible inside the external router. Perimeter Network Penetration Tests help determine the dependency on the external router, which may be supplied and configured by a third party.

Email Testing: various email services are available, each with potential and known security vulnerabilities. In email penetration testing, a pen tester will investigate each type of mail service in use that may be externally visible to determine its vulnerability.

Firewall Bypass Testing: during this process, a pen tester will examine the security hardening and configuration of the firewall and other exposed systems to establish how resistant they are to further penetration should unauthorised access be achieved.

System Access via Modems: the objective here is to identify, wherever possible, the type of connection service offered by active modems and whether these may present an opportunity for an outsider to gain easy access to a computer system.

Telephone Scanning: The concern here is that there may be unauthorised or ‘semi-official’ modems connected to organisations’ phone lines and providing access to their computers. The hacking and phone phreaking community use scanning techniques for detecting these and any authorised modem lines.

Internal Network Penetration Testing

The main objective of this type of pen test is to determine what an attacker with some level of authorised access to the organisation’s IT services could achieve by exploiting security weaknesses and vulnerabilities in the IT system.

There are three levels to Internal Network Penetration Testing:

  1. Network Level: testing for vulnerabilities in the internal network services can provide insight into how an attacker could gain unauthorised access to computers and services on the network.
  2. Computer Level: testing for security misconfigurations and vulnerabilities in the operating systems attached to the organisation’s networks. 
  3. User Level: testing that is carried out based on the access levels of various user roles to determine the potential impact of an insider threat.

Web Application Penetration Test

Each time an organisation uses or publishes web-based applications, it is best practice to conduct a test to identify ways to exploit the application. 

The pen test is typically completed in two stages: first with no authentication to the web applications, and then with a valid user account to test for privilege escalation vulnerabilities and assess any weaknesses in the authentication and authorisation mechanisms.

Remediation advice will be offered about security configurations and vulnerabilities identified. Most web applications are tested following the Open Web Application Security Project (OWASP) guidelines.

Social Engineering & Physical Penetration Testing

These types of penetration testing have the same objectives as network penetration tests: to identify weaknesses and vulnerabilities. However, rather than focusing on a software or hardware system, a social engineering pen test focuses on the people within an organisation.

Physical Penetration Testing simulates a situation to breach the physical security defences within an organisation and is often utilised within a wider social engineering exercise. Examples can involve pen testers tailgating employees to gain physical access to a building.

A physical penetration test can include activities like shoulder surfing to see what confidential or sensitive information can be retrieved and social engineering to gain access to secure or restricted areas. 

Wireless Pen Testing

A single weak link poses a valid security threat to the entire corporate network. However, Wi-Fi networks can provide sufficient security if configured correctly. A WLAN security audit should be conducted regularly to ensure compliance and aid in the early detection of vulnerabilities. Sapphire feels this is the right approach when you want to evaluate the security of specific devices or to analyse the evolution in security after applying technical changes.

The Sapphire Wireless Security Audit is a method of evaluating the Wi-Fi security aspects of your networks. This can be achieved by simulating attacks against authentication, encryption or even “man-in-the-middle” attacks. Using various tools and processes, Sapphire will try to break into wireless LANs by ethical hacking against standard security methods such as MAC authentication, WEP, WPA and WPA2.

This audit aims to break into a wireless network to gain access to the network. Additionally, Sapphire can set up rogue and fake Access Points, waiting for users to connect to capture all activities they perform. Many of the tools used during WLAN penetration testing are the same tools that hackers may use for malicious purposes.

Sapphire will not use Wireless DDoS Attack Testing, as this process can bring the wireless network to a complete halt by either jamming the wireless spectrum or overloading the Access Points.

The testing will check for common configuration errors that could allow an attacker to compromise the network. Sapphire will examine wireless infrastructure for weaknesses that may allow an unauthorised user to access back-end systems.

Typically, we will review the corporate and guest SSIDs from your Wi-Fi network and, where appropriate, analyse any infrastructure configuration files and client profile settings.

Frequently Asked Questions on Penetration Testing

1. What are the Top Penetration Testing Techniques?

Penetration techniques are necessary for evaluating the security and safety of the network in a controlled manner. Penetration testing can be applied to any network, system or application regardless of the organisation and industry to which it belongs.

There are many pen testing techniques, but the common ones include:

A) Manual Penetration Testing

In determining how to protect your organisation, it is important to know the risk level. It would help to decide whether a penetration test or a vulnerability assessment is right for you.

It is vital to know the difference between the two and the varying levels of security and attack surface that they provide against the threat that the hackers pose.

A penetration test will show you the level of risk for each level of privilege that each user has in your organisation.

It will also show whether the privileges of the lower user levels can be escalated and used to gain complete control of systems at the executive level. This is achieved during credential-based testing with a view to potential exploitation.

B) Vulnerability Assessments

A vulnerability assessment is predominantly completed with an automated tool and can review a high volume of external and internal infrastructure (based on IP ranges). It will provide a security snapshot of common vulnerabilities in your systems, where they are located and how to remediate them.

However, a vulnerability assessment will not confirm whether common vulnerabilities can be exploited or how severe the risk is. Therefore, a vulnerability assessment might lead to false positives and misallocation of resources.

Something that is identified as a relatively low risk in a vulnerability assessment may be exposed as far more dangerous following a penetration test.

For instance, an attacker might be able to pivot from a system usually deemed unimportant and then use it to take control of a far more vital system.

C) Combination of Manual and Automated Scanning

This technique is more commonly used to identify all vulnerabilities through scanning, testing and potential exploitation. An automated scan will identify open ports and services and perform basic vulnerability identification.

The scans are performed automatically, and the results are not manually verified.

For this reason, it is recommended that the results are verified by manual testing based on a sample.


2. What are the Stages of Penetration Testing?

The penetration testing process has several stages, and they include:

A) Gathering Information (Reconnaissance)

This stage involves the pen tester gathering different types of information about the IT environment, such as existing networks, resources, and applications involved with the target. It is a critical step for pen testers because the more information is gathered about a target, the better the chances of obtaining relevant results in an attack.

B) Vulnerability Scanning

This is the second step, in which the ethical hackers perform a vulnerability scan on the target application using multiple tools. The stage helps the penetration tester understand how the target responds to multiple intrusion attacks, both when the software code is static and when it is running.

C) Vulnerability Exploitation

In this third stage, the penetration tester exploits vulnerabilities while aiming to gain access to the target in a controlled environment to understand how much an attacker can compromise a vulnerable system.

D) Maintaining Access

Once pen testers discover vulnerabilities, they elevate network privileges by intercepting traffic and mapping the internal network to gain the highest level of access to the system.

E) Report Generation

Once penetration testing is complete, the final report should be produced by collecting the evidence of exploited vulnerabilities for review and action. This last step also covers the testing methodologies, the scope of the assessment, and a summary of findings with risk severity. Finally, all the findings should be listed with their impact and recommendations for the correction process.

3. What Do SAST and DAST Stand for?

SAST stands for Static Application Security Testing and is a white box penetration testing method. It examines the software for weaknesses so that developers can catch security vulnerabilities early in the software development life cycle.

On the other hand, DAST stands for Dynamic Application Security Testing, and it is a black box penetration testing method that inspects an application while it is running to identify vulnerabilities an attacker could exploit.

4. What are the Types of VAPT?

VAPT, also known as vulnerability assessment and penetration testing, is a method used to examine an organisation’s IT infrastructure to find security vulnerabilities or possible attack avenues. There are three types of VAPT:

A) Black Box Testing

In a black box penetration test, the penetration tester lacks prior knowledge of the system under test.

B) White Box Testing

In a white box penetration test, on the other hand, the penetration tester understands the system being tested.

C) Grey Box Penetration Testing

Grey box penetration tests are a combination of white box and black box testing. The process involves testing from external or internal networks with knowledge of the internal systems and networks.

5. What is the VAPT Process?

The VAPT process involves testing for security flaws in a software program or a computer network. It combines vulnerability assessment and penetration testing to identify the defects within a security network and assess their intensity.

The process is meant to help an organisation understand the nature of its risk and to recommend the best action for managing even complex vulnerabilities.
