Types of Penetration Testing (With Methodology)
While it’s true that the fundamental nature of penetration testing — probing a system to identify exploitable weaknesses and the damage they could cause — is always the same, each type of system requires a unique approach with certain elements being prioritised. When you consult an expert tester, they’ll advise you on the most suitable testing type (or types) for you.
It may be useful to relate this to the general practice of healthcare. The fundamental system of diagnosing injury and illness so it can be treated is static, but an orthopedist will approach things very differently to a dermatologist — and if your only medical issue concerns your spine, you shouldn’t be receiving salves for your skin.
In this post, we’re going to look at some of the core types of penetration testing, touching upon penetration testing methodology (how they’re planned and executed) as we go. If you’re considering investing in our testing services, this should provide some useful context.
Web application testing
More businesses than ever before are investing in the development of web applications. Accessible on all devices and perfect for complex integration, they can yield remarkable ROI if designed and built smartly — but their ubiquity makes them major security threats. And since they often require personal information to function, they need to be kept secure.
Our web application testing process chiefly involves searching for certain types of flaws that tend to cause the most problems (10 in particular that are acknowledged by the OWASP, or Open Web Application Security Project). Chief among them is a weakness to injection, the process of tricking a system into executing code it was never meant to allow: in a vulnerable web app, this can enable an unauthorised party to extract private data.
When tasked with testing a web application, we’ll investigate it extensively to identify any system weaknesses that could plausibly be exploited, and pass the details along so the developer can make the necessary adjustments. Given how extensively web applications vary, our tester will need to fully understand how it works before getting started.
Wireless network testing
As wireless networking technology has matured and professionals have moved away from fixed desk setups (now having more flexible laptop-based home office configurations), it’s become increasingly common for businesses to move away from cabled network access. This presents some notable security challenges. When you use cables, access is physically restricted — but unless you have perfectly-moduled wireless signal strength, the signal will get out.
This means that someone could plausibly stand nearby and attempt to gain access. If properly secured, a wireless network is perfectly safe, but not every network is properly secured. An old and vulnerable password standard can be left active, for instance, or the default router login information can go unchanged — and if someone can gain network and router access, they can set up redirects or alter other settings for fraudulent purposes.
In most cases, our wireless network testing focuses on office-based networks: these can be generated by regular companies or run for numerous businesses by building landlords. We’ll look for ways in — outdated hardware, poorly-configured software, etc. — and highlight them. We can provide network analysis for the wireless networks used by individual employees, but it’s more economical to simply provide them with adequate training so they can operate safely.
Network infrastructure testing
Very often, the security of a network is undermined not by the channels through which the data is routed (whether it’s wireless or wired) but by the system configuration. In other words, a network can prove vulnerable simply because its infrastructure wasn’t planned with security in mind — or because there was a good plan that wasn’t followed for reasons of convenience.
This is among the most common of the penetration testing types because it factors in a wide range of common issues. For example, a weak network might allow devices with out-of-date software to connect, potentially causing major problems. Alternatively, a lack of strict security rules might allow a regular user to access functions they weren’t intended to reach.
Our approach to this form of testing is to take the perspective of an attacker and look for all viable ways to access your system. To speed things along, we’ll first review your chosen configuration: this will also help us determine which issues are due to flawed planning and which resulted from sub-par execution. Once we’ve thrown everything at your network, our expert tester will collate their findings and produce your final report.
Firewall configuration testing
The entire purpose of a system firewall is to provide perimeter security, keeping threats at bay while minimising interference with authorised access attempts. Given how much system admins rely on their firewalls to safeguard their networks, allowing avoidable vulnerability is not a justifiable risk — a particularly-weak firewall can actually prove entirely counterproductive, messing with authorised users while missing threats from afar.
Each of our firewall security tests begins with a process of in-depth configuration analysis, drawing upon industry tools and insight from our expert tester to figure out two things: what your firewall was intended to do, and what it’s been programmed to do. The next step is to see what it’s actually doing by launching attacks intended to exploit likely points of weakness.
This testing will run through incoming and outgoing activity, probing ports for access, gauging how the firewall reacts to different systems and file types, and seeing what level of demand can be accommodated. The net result will be a comprehensive document detailing where your firewall falls short and offering clear suggestions of viable remedial actions.
Social engineering testing
System security doesn’t begin and end with technical factors. Business networks are designed to be used by people, after all: flawed, forgetful, often-irrational people. However rich and complex authentication processes get, they still need to be simple enough for most people to use. As a result, it’s never possible for a user-accessible system to be fully secure.
Just look at how sophisticated access methods such as biometric authentication can be undermined by necessary backup options. When someone can’t get their fingerprint to work because of an unnoticed smudge on the sensor, they can seek to gain access through a fallback process of account credential recovery — a process that’s less secure, most likely relying on the provision of security answers and backup contact details.
Social engineering is the process of manipulating and exploiting users (or admins, in truth) to get into their systems. Instead of using a brute-force method to find a password, a hacker can contact an unsuspecting user, pose as a IT support assistant, get their login details, and gain entry without needing to exploit any technical weaknesses.
Accordingly, our expert tester will review your system activity to see where you could do more to guard against social engineering. How well do your employees protect their logins? Do they change their passwords regularly? Are there users who have higher-level permissions than they need? Given that internal attacks are also possible, have all users been properly vetted? Our resulting suggestions will show you how you can move towards safe operation.