
Types of Penetration Testing

29 December 2021

Organisations use a penetration test to expose exploitable vulnerabilities and mitigate the risk of individuals or groups gaining unauthorised access to their systems.

It is best to conduct regular penetration tests on your infrastructure and applications as part of your security regime.

There are many different penetration tests available, all of which fall under the five areas below:

  • External Pen Testing
  • Internal IT Infrastructure
  • Web Application Penetration Testing
  • Social Engineering & Physical Security Tests
  • Wireless Networks Penetration Testing

For 25 years, Sapphire’s pen testers have been delivering successful testing and vulnerability analysis services for organisations across the UK.

This blog post will provide an overview of each type of penetration test, along with the benefits.

External Network Penetration Testing


There are a variety of routes whereby a bad actor can gain unauthorised access to an organisation’s systems. They include telephony solutions, modems, ISDN and DSL, to name a few. These systems are used for various business purposes, including support for remote and home working by staff, dedicated connections with organisation partners and suppliers, and access to public networks (e.g. the Internet) and third-party networks.

When deciding on the scope of an external penetration test, the organisation needs to consider which external communication routes and services it believes could be breached, either intentionally or accidentally. For this reason, an organisation may decide on one or several of the types of penetration testing below to expose vulnerabilities and bolster its defences.

Firewall Configuration Testing: a test to assess the configuration rules deployed at internal network or external (Internet) boundaries. A firewall configuration review helps to build and maintain confidence in your organisation’s perimeter security controls.

Internet Vulnerability Scanning: this test scans the customer’s Internet connection to determine what services and associated vulnerabilities may be exposed to cyberattacks from the outside world, providing insight and intelligence around the exposure of the business.

Perimeter Network Testing: this extends remote testing by checking for vulnerabilities that may only be visible inside the external router. Perimeter network penetration tests help determine the dependency on the external router, which may be supplied and configured by a third party.

Email Testing: there are various email services available, and each one has potential and known security vulnerabilities. In email penetration testing, a pen tester will investigate each type of mail service that is used and may be externally visible to determine its vulnerability.

Firewall Bypass Testing: during this process, a pen tester will examine the security hardening and configuration of the firewall and other exposed systems to establish how resistant they are to further penetration should unauthorised access be achieved.

System Access via Modems: The objective here is to identify, wherever possible, the type of connection service being offered by active modems and whether these may present an opportunity to the outsider to gain easy access to a computer system.

Telephone Scanning: The concern here is that there may be unauthorised or ‘semi-official’ modems connected to the organisation’s phone lines and providing access to its computers. The scanning techniques for detecting these and any authorised modem lines are those used by the hacking and phone phreaking community.

Internal Network Penetration Testing


The main objective of this type of pen test is to determine what an attacker with some level of authorised access to the organisation’s IT services could achieve by exploiting security weaknesses and vulnerabilities in the IT system.

There are three levels to Internal Network Penetration Testing:

  1. Network Level: testing for vulnerabilities in the internal network services can provide insight into how an attacker could gain unauthorised access to computers and services on the network.
  2. Computer Level: testing for security misconfigurations and vulnerabilities in the operating systems attached to the organisation’s networks. 
  3. User Level: testing that is carried out based on the access levels of various user roles to determine the potential impact of an insider threat.

Web Application Penetration Test


Each time an organisation uses or publishes web-based applications, it is best practice to carry out a test to identify ways to exploit the application. 

The pen test is typically completed in two stages: initially with no authentication to the web applications, and then with a valid user account to test for privilege escalation vulnerabilities and assess any weaknesses in the authentication and authorisation mechanisms.

Remediation advice will be offered with regard to the security configurations and vulnerabilities identified. Most web applications are tested following the Open Web Application Security Project (OWASP) guidelines.

Social Engineering & Physical Penetration Testing

These types of penetration testing have the same objective as network penetration tests: to identify weaknesses and vulnerabilities. However, rather than focusing on a software or hardware system, a social engineering pen test focuses on the people within an organisation.

Physical Penetration Testing simulates an attempt to breach the physical security defences within an organisation and is often utilised within a wider social engineering exercise. Examples can involve pen testers tailgating employees to gain physical access to a building.

A physical penetration test can also include activities such as shoulder surfing to see what confidential or sensitive information can be retrieved and social engineering to gain access to secure or restricted areas. 

Wireless Pen Testing

A wireless network that has not been configured correctly can allow an attacker to exploit the system. All networks will be tested during a wireless penetration test, including corporate and guest networks and wireless access points, to find vulnerabilities that bad actors could exploit.
