An external penetration test assesses the public facing infrastructure and the services hosted on them for vulnerabilities with the goal of compromising those systems or breaching the perimeter if the target uses a VPN service for remote employees.

Publicly available information relating to the target business/organization will be utilized to aid the penetration tester just as a real-life attacker would.

Internal penetration tests can be performed from two main perspectives.

The first is to simulate an attacker who has gained a foothold on your internal infrastructure by any means but does not have valid credentials for any service on the network (black box).

The second is to simulate an attacker who has managed to gain access to a workstation via any remote services or a successful phishing campaign and will start with valid credentials on the network (grey box).

The purpose of the penetration tester is to try to escalate privileges on the network and gain unauthorised access to services and systems with the aim to access potentially sensitive information.

Wireless testing is designed to detect and exploit vulnerabilities in security controls used by wireless technologies and standards, targeting for example misconfigured wireless devices, and rogue access points.

Penetration testing engagements can include social engineering where the tester will assume the role of a made-up entity to try and gain information or access to systems via a crafted email or phone call.

Social engineering will usually require a day of extra time to develop a pretext before sending any emails or calls. This is where information specifically relating to internal business relationships or employee details are used to create a convincing enough social engineering attack.

Web application penetration testing is the process of using penetration testing techniques on a web application to detect and attempt to exploit its vulnerabilities. The penetration tester simulates attacks such as using SQL injection tests.

It’s used on specific web applications that are exposed to either public facing or internal facing audiences where the data held in the web app is deemed to be sensitive and in need of protection.

Red Teaming is a full-scope, multi-layered attack simulation and has a wider scope than just technology, it also includes people, processes and physical security. Examples include attempting to gain unauthorised access to premises and server rooms. Red Team assessments are more targeted than penetration testing, with the goal being to test the organisation’s detection and response capabilities.