What is Penetration Testing | Its Types | Its Categories

 


Penetration Testing:

Penetration testing is a subclass of ethical hacking. It proves helpful for exploiting vulnerabilities.

OSSTMM:

Open Source Security Testing Methodology Manual.

1. Planning
2. Discovery
3. Attacking
4. Reporting

Categories of Penetration Testing:

The type of penetration test depends on what the client organization wants. After decades of practice, penetration testing has split into the following categories.

1. Black Box Penetration
2. White Box Penetration
3. Gray Box Penetration

Black Box Penetration:

In black box penetration the organization gives little or no information. In this case, only an IP range is provided for penetrating the system and finding vulnerabilities in the OS.

In website penetration the source code of the website is not provided by the organization. This is a common scenario in this field.

White box Penetration:

In white box penetration testing the organization gives all information. The attacker attacks the system OS and web application to exploit vulnerabilities and get a reward. This is a common scenario in this field.

Gray Box Penetration:

In gray box penetration some information is provided and some is hidden. The organization provides what is running behind the IP but doesn't tell the exact version. In a web application test, the code, back-end server and database are provided by the organization.

Types of Penetration:

There are several types of penetration testing. The following are the ones most commonly performed.

1. Network Penetration
2. Web Application
3. Mobile Application
4. Social Engineering Penetration
5. Physical Penetration

Network Penetration:

In a network penetration test, you would be testing a network environment for potential security vulnerabilities and threats. This test is divided into two categories: external and internal penetration tests. An external penetration test would involve testing the public IP addresses, whereas in an internal test, you can become part of an internal network and test that network. You may be provided VPN access to the network or would have to physically go to the work environment for the penetration test depending upon the engagement rules that were defined prior to conducting the test.
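The external/internal split and the engagement rules described above can be checked before any testing starts. The following is an added example, not code from the original post: it sorts candidate addresses into external, internal and out-of-scope lists, and the function name, scope ranges and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: in-scope hosts here belong to the internal test.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sort_targets(candidates, agreed_scope):
    """Split candidate addresses by the agreed scope and by test category."""
    scope = [ipaddress.ip_network(n) for n in agreed_scope]
    plan = {"external": [], "internal": [], "out_of_scope": [], "invalid": []}
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            # Typo or hostname: must be clarified with the client first.
            plan["invalid"].append(raw)
            continue
        if not any(ip in net for net in scope):
            # Not covered by the engagement rules: must not be tested.
            plan["out_of_scope"].append(str(ip))
        elif any(ip in net for net in RFC1918):
            plan["internal"].append(str(ip))
        else:
            plan["external"].append(str(ip))
    return plan


# Constructed sample input (documentation and private ranges, not real targets).
SCOPE = ["203.0.113.0/24", "10.20.0.0/16"]
CANDIDATES = ["203.0.113.10", "10.20.4.7", "10.99.0.1", "198.51.100.5",
              "203.0.113.300"]

if __name__ == "__main__":
    for bucket, hosts in sort_targets(CANDIDATES, SCOPE).items():
        print(f"{bucket:13} {hosts}")
```

Anything landing in the out-of-scope or invalid lists goes back to the client for clarification rather than into the test plan.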

Web Application Penetration Test

The web application penetration test is very common nowadays, since your application hosts critical data such as credit card numbers, usernames, and passwords; therefore this type of penetration test has become more common than the network penetration test.

Mobile Application Penetration Test

The mobile application penetration test is the newest type of penetration test that has become common since almost every organization uses Android- and iOS-based mobile applications to provide services to its customers. Therefore, organizations want to make sure that their mobile applications are secure enough for users to rely on when providing personal information when using such applications.

Social Engineering Penetration Test

A social engineering penetration test can be part of a network penetration test. In a social engineering penetration test the organization may ask you to attack its users. This is where you use spear phishing attacks and browser exploits to trick a user into doing things they did not intend to do.

Physical Penetration Test

A physical penetration test is something you would rarely be doing in your career as a penetration tester. In a physical penetration test, you would be asked to walk into the organization’s building physically and test physical security controls such as locks and RFID mechanisms.


 

 
