What Are The Types Of Penetration Testing? | PurpleSec

Penetration testing attempts to exploit weaknesses or vulnerabilities in systems, networks, human resources, or physical assets in order to stress test the effectiveness of security controls. The different types of penetration tests include network services, applications, client side, wireless, social engineering, and physical. A penetration test may be performed externally or internally to simulate different attack vectors. Depending on the goals of each test, a penetration tester may or may not have prior knowledge of the environment and systems they’re attempting to breach. This is categorized as black box, white box, and gray box penetration testing. Continue reading: https://purplesec.us/learn/types-penetration-testing/ Video Chapters ------------------------------ 00:00 - Introduction 01:08 - What Is Penetration Testing? 02:59 - What Is The Primary Purpose Of Penetration Testing? 04:11 - Reporting On Findings 05:20 - What Are The Different Approaches To Penetration Testing? 05:48 - Black Box Testing 06:44 - White Box Testing 07:56 - Gray Box Testing 09:20 - Network Services 10:34 - Web Applications 13:09 - Client Side 13:50 - Wireless 15:06 - Social Engineering 16:19 - Physical About The Author ------------------------------ Jason Firch, MBA https://purplesec.us/cyber-security-experts/jason-firch/ Related Videos ------------------------ ► What Is Vulnerability Management? https://youtu.be/RE6_Lo2wSIg ► Common Types Of Network Security Vulnerabilities In 2022 https://www.youtube.com/watch?v=2VaPTIuRs4k ► 7 Data Loss Prevention Best Practices https://www.youtube.com/watch?v=-Jpec7tOQqM ► The 3 Types Of Security Controls https://www.youtube.com/watch?v=NLzgcDX6rkE ► Red Team VS Blue Team: What’s The Difference? https://www.youtube.com/watch?v=jNY59pil8Tk ► What Is A Security Operations Center? https://www.youtube.com/watch?v=M24YUsv5xlg ► Firewall Penetration Testing: Steps, Methods, & Tools https://www.youtube.com/watch?v=0Izu0J6iSoM Resources & Links ------------------------------ A Beginner’s Guide To Understanding Penetration Testing https://purplesec.us/resources/penetration-testing-guide/ 50 Free Information & Cyber Security Policy Templates https://purplesec.us/resources/cyber-security-policy-templates/ What Is A Penetration Test? A penetration test involves a team of security professionals who actively attempt to break into your company’s network by exploiting weaknesses and vulnerabilities in your systems. Penetration tests may include any of the following methods: Using social engineering techniques to access systems and related databases. Sending of phishing emails to access critical accounts. Using unencrypted passwords shared in the network to access sensitive databases. These attempts can be far more intrusive than a vulnerability scan and may cause a denial of service or increased system utilization, which may reduce productivity, and corrupt the machines. In some cases, you may schedule penetration tests and inform staff in advance of the exercise. However, this wouldn’t be applicable if you want to test how your internal security team responds to a “live” threat. For example, red team exercises are often performed without informing staff to test real-world threat scenarios. In this case, it’s important to inform the blue team lead, CISO, or upper-level management of the exercise. This ensures the response scenario is still tested, but with tighter control when/if the situation is escalated. Regardless of the scenario you should conduct a penetration test with a specific intent and clearly define your wants and needs with the penetration testing team. For example, you may just finish rolling out a new security program for your business and want to test its effectiveness. A penetration test can determine if certain objectives of the program have been achieved such as maintaining 99.99% availability during an attack, or ensuring data loss prevention (DLP) systems are blocking would-be attackers from exfiltrating data. -------------------------------------- ► If you need help securing your business from cyber attacks then feel free to reach out: https://purplesec.us/consultation/ ► Follow us on Twitter: https://twitter.com/Purple_Sec ► Find us on Pinterest: https://www.pinterest.com/purple_sec/ #pentesting #PurpleSec #cybersecurity