Penetration Testing

Penetration Testing, sometimes called ethical hacking or shortened to pen test, is an authorized attack performed to evaluate a system or application in order to find exploitable vulnerabilities so they can be proactively remediated.  

 

There are many different types of pen tests, including: 1) External, which determines the security posture of the external (internet-facing) network; 2) Internal, which tests the controls of the organization's internal systems as if a hacker had bypassed the perimeter; 3) Application, which tests applications for vulnerabilities; 4) Wireless network testing, which evaluates whether popular wireless LAN infrastructure creates an opening for attackers to exploit; 5) Social engineering, which can include sending phishing emails, or impersonating other individuals on the phone or in person, to gain access to restricted areas or systems; and 6) Physical testing, which evaluates the physical security of an organization, including door locks and badge/access controls.

 

Many of the tests above are confined to a specific scope of systems or a specific time period. Another concept in pen testing that is gaining momentum is Red Teaming. In war games, the Red Team represents the aggressor, whose job is to test the capabilities of those on defense (the Blue Team). In pen testing, Red Team refers to testing in which there are no restrictions related to systems in scope or time windows. Hence, Red Team approaches provide the most accurate simulation of a real-world adversary.

 
