What is a Penetration Test

A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

Pen testing can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.

Different Approaches To Penetration Testing

Blackbox

Black box testing, also referred to as external penetration testing, gives the ethical hacker little to no early information about the IT infrastructure or security of the company beforehand. Black box tests are often used to simulate an actual cyberattack.

Tests start from outside the network where the tester doesn’t know about in-place security systems or local network architecture. Since the simulated attack is blind, these tests can be the most time-consuming.

Whitebox

White box testing is where the tester has full knowledge of the network infrastructure and security systems in place. While these tests don’t mimic what a real outside attack might look like, they are one of the most thorough types of tests you can have performed.

White box tests can also simulate what an inside attack may look like since the tester starts inside the network with insider knowledge of how the network is structured. While white box testing can be completed quickly due to its transparent nature, enterprise organizations with many applications to test may still have to wait several months for complete results.

Graybox

Gray box is a blend of the first two techniques and allows the tester partial access or knowledge into the company network. Gray box is often used when testing a specific public-facing application with a private server backend. With this combined information, the tester can attempt to exploit specific services to gain unauthorized access into other parts of the network.

The timeframe for a gray box test is usually less than a black box test, but longer than a white box test due to the testers’ limited network knowledge of the network.

Do you want to receive more information?

Fill out the form to be contacted as soon as possible by one of our consultants.