A penetration test is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in your systems.
Black-box test—The penetration tester has no prior knowledge of a company network. For example, if it is an external black-box test, the tester might be given a website address or IP address and told to attempt to crack the website as if he were an outside malicious hacker.
White-box test—The tester has complete knowledge of the internal network. The tester might be given network diagrams or a list of operating systems and applications prior to performing tests. Although not the most representative of outside attacks, this is the most accurate because it presents a worst-case scenario where the attacker has complete knowledge of the network.
Gray-box test—The tester simulates an inside employee. The tester is given an account on the internal network and standard access to the network. This test assesses internal threats from employees within the company.
Web application penetration tests involves testing the security integrity of a company’s browser-based applications.
Network penetration tests are used to find places a hacker might exploit in various systems, networks, network devices (think routers, switches), and hosts.
Cloud security penetration tests are essential in helping companies invested in cloud technology protect vulnerable assets.