1. Type of Penetration Testing

Last Updated 10 months ago

1. Based on Knowledge of the Target

Black Box Testing

  • Tester Knowledge: No prior knowledge of the system.

  • Goal: Simulates an external attacker.

  • Focus: Reconnaissance, perimeter vulnerabilities.


White Box Testing (Clear Box)

  • Tester Knowledge: Full knowledge of the system (source code, architecture, etc.).

  • Goal: Comprehensive assessment from the inside.

  • Focus: Internal logic, code vulnerabilities, backdoors.


Gray Box Testing

  • Tester Knowledge: Partial knowledge (e.g., credentials, API access).

  • Goal: Mimics an insider threat or privileged attacker.

  • Focus: Business-logic flaws, access-control and authorization issues, and vulnerabilities reachable only with the partial access the tester was given.


2. Based on Target Scope

Network Penetration Testing

  • Target: Internal and external network infrastructure.

  • Includes: Firewalls, routers, switches, VPNs, and network services.

  • Goal: Find vulnerabilities in network configurations or protocols.


Web Application Penetration Testing

  • Target: Web apps and APIs.

  • Includes: XSS, SQL injection, session management flaws.

  • Goal: Discover flaws in the app’s logic, authentication, and data handling.


Mobile Application Penetration Testing

  • Target: Android and iOS apps.

  • Focus: API usage, insecure storage, hardcoded secrets, permissions abuse.


Wireless Penetration Testing

  • Target: Wi-Fi networks, protocols, and connected devices.

  • Includes: Rogue APs, WPA/WPA2 attacks, man-in-the-middle attacks.


Cloud Penetration Testing

  • Target: Cloud environments (AWS, Azure, GCP).

  • Focus: Misconfigured storage, access controls, IAM roles, and exposed services.


IoT Penetration Testing

  • Target: Embedded or smart devices.

  • Focus: Firmware flaws, hardware interfaces, insecure communication protocols.


3. Based on Testing Objective or Scenario

Social Engineering Testing

  • Target: Human users.

  • Includes: Phishing, pretexting, baiting.

  • Goal: Assess susceptibility to manipulation or phishing attempts.


Physical Penetration Testing

  • Target: Physical premises and access controls.

  • Focus: Locks, badge systems, surveillance bypass, unauthorized access.


Red Team Testing

  • Scope: Multi-layered, real-world attack simulation.

  • Includes: Digital, physical, and social engineering attacks.

  • Goal: Test overall detection, response, and resilience of an organization.


Client-Side Penetration Testing

  • Target: Workstations, user-side software (e.g., browsers, plug-ins).

  • Focus: Exploitable vulnerabilities in end-user environments.