Before a white hat hacker starts a penetration test, the scope in which they will operate must be defined and agreed with the client in writing. The scope tells the tester which systems are in scope, which are explicitly excluded, and which tools and techniques may be used. It is not only a planning aid: activity outside the agreed scope is unauthorized access, so the scope is what separates a legitimate test from an attack. Defining it up front also lets the team allocate time and people more efficiently.
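As an added illustration (this is not code from the original article), the small Python tool below enforces a written scope before any target is handed to a scanner. The rules-of-engagement format, the addresses in 203.0.113.0/24 and the example.test hostnames are all constructed for the example; deny rules win over allow rules so that an excluded host stays excluded even when its subnet is in scope.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed rules-of-engagement file (hypothetical addresses and names).
# "allow" lines define what is in scope; "deny" lines carve out exclusions
# and always take precedence. "*.example.test" covers subdomains only; the
# apex "example.test" needs its own allow line if it is in scope.
SCOPE_TEXT = """
# client: hypothetical-corp, external test
allow 203.0.113.0/24
allow *.example.test
allow mail.example.test
deny 203.0.113.7
deny payroll.example.test
"""


@dataclass
class Scope:
    networks: list = field(default_factory=list)         # allowed ip networks
    domains: list = field(default_factory=list)          # ("exact"|"suffix", name)
    denied_networks: list = field(default_factory=list)
    denied_domains: list = field(default_factory=list)


def _parse_entry(entry):
    """Classify one scope entry as a network or a domain rule."""
    if entry.startswith("*."):
        return "dom", ("suffix", entry[2:].lower().rstrip("."))
    try:
        # A bare address becomes a /32 (or /128) network.
        return "net", ipaddress.ip_network(entry, strict=False)
    except ValueError:
        if "/" in entry or not entry:
            raise ValueError(f"bad scope entry: {entry!r}")
        return "dom", ("exact", entry.lower().rstrip("."))


def parse_scope(text):
    """Parse 'allow <target>' / 'deny <target>' lines; '#' starts a comment."""
    scope = Scope()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: expected 'allow <target>' or 'deny <target>'")
        action, entry = parts
        kind, value = _parse_entry(entry)
        bucket = {
            ("allow", "net"): scope.networks,
            ("allow", "dom"): scope.domains,
            ("deny", "net"): scope.denied_networks,
            ("deny", "dom"): scope.denied_domains,
        }[(action, kind)]
        bucket.append(value)
    return scope


def _domain_matches(name, rules):
    name = name.lower().rstrip(".")
    for kind, rule in rules:
        if kind == "exact" and name == rule:
            return True
        if kind == "suffix" and name.endswith("." + rule):
            return True
    return False


def check_target(scope, target):
    """Return (allowed, reason). Deny rules win; anything unmatched is rejected."""
    target = target.strip()
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ip in net for net in scope.denied_networks):
            return False, "explicitly excluded"
        if any(ip in net for net in scope.networks):
            return True, "in allowed network"
        return False, "not in any allowed network"
    if _domain_matches(target, scope.denied_domains):
        return False, "explicitly excluded"
    if _domain_matches(target, scope.domains):
        return True, "matches allowed domain"
    return False, "not in any allowed domain"


def filter_targets(scope, targets):
    """Split candidates into (allowed, rejected) lists before any tool runs."""
    allowed, rejected = [], []
    for t in targets:
        ok, reason = check_target(scope, t)
        (allowed if ok else rejected).append((t, reason))
    return allowed, rejected


if __name__ == "__main__":
    scope = parse_scope(SCOPE_TEXT)
    candidates = ["203.0.113.20", "203.0.113.7", "www.example.test",
                  "payroll.example.test", "example.test", "198.51.100.5"]
    ok, bad = filter_targets(scope, candidates)
    for t, why in ok:
        print(f"ALLOW  {t:24} {why}")
    for t, why in bad:
        print(f"REJECT {t:24} {why}")
```

One caveat the checker does not solve on its own: a hostname that is in scope can resolve to an address that is not (shared hosting, a CDN, a third party's mail provider). Resolve each name and run the resulting addresses through the same check before scanning them, and keep the rejected list in the engagement log as evidence that the exclusions were honoured.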
If a penetration tester hired by the company gains access to a system because they found an employee's password written down in plain sight, the finding tells the security team that employee security practices are lacking and shows exactly where improvements need to be made.
Several testing strategies are used regularly:
Targeted testing
In targeted testing the company's IT team and the penetration testers work together, each aware of what the other is doing. This approach is sometimes referred to as the "lights turned on" approach because both sides can see the test as it is executed and have access to its results.
External testing
External testing looks for weaknesses in the parts of the system that are visible from the outside, such as firewalls, web servers, mail servers and DNS servers. The objective is to find out whether these exposed components can be used as a way into the internal network, and how far an attacker could get once inside.
Internal testing
Internal testing starts from behind the firewall, using an account with standard user privileges. It is usually done to see how much damage an employee with malicious intent could do, or an external attacker who has obtained an employee's credentials, for example through phishing.
Blind Testing
Blind testing gets its name from the fact that the tester is given very little information, often nothing more than the name of the company hiring them. This emulates a real attack by an outsider who has to discover the target's systems and entry points on their own. Because that reconnaissance takes time, blind tests tend to be long and correspondingly expensive.
Double-blind
The double-blind test is a step up from the blind test: only a few people within the organization know that a test is taking place, and the rest of the staff are not told where or when the attack will happen or who will carry it out. This makes it a very useful test of the organization's security monitoring and of how well staff follow their incident identification and response procedures under realistic conditions.
Black box testing
In black box testing the tester has no prior information about the target, which makes it another variation of the blind test. The tester is instructed to act like a real attacker, find their own entry points, and decide which techniques and tools fit the job.
White box testing
White box testing gives the testers detailed information about the system they are hired to attack, anywhere from IP address ranges and network diagrams to infrastructure schematics and source code. How much is provided depends on the company's needs; the more the tester knows, the more of the testing time goes into finding flaws rather than discovering the environment.
A penetration testing team should combine different kinds of tests to find as many weaknesses as possible, since each strategy exposes a different class of problem. Using several strategies also helps the team focus on the systems that matter most and gives the organization insight into which kinds of attacks would do the most damage.