Page 66 - Cyber Defense eMagazine for June 2021
simulating real-life attacks carried out by intruders and spotting vulnerabilities that can be leveraged
outside the network.
2. White-box testing. Contrary to the technique discussed above, the tester has 360-degree
access to system information such as the source code and the environment and is able to conduct
an all-inclusive security analysis using code analyzers and debuggers to determine both internal and
external exposures.
3. Gray-box testing. Finally, the penetration testing engineer may have limited data about the
business’ software, like design and architecture documentation, and act as a
cybercriminal with long-standing access to the system.
Top 5 penetration testing types
Unfortunately, it is hard to foresee every security risk. Still, businesses may keep them to a minimum by
applying QA in a timely manner to determine weak points in the system with the help of the realistic, in-depth
analysis that penetration testing provides. Therefore, I suggest delving deeper into its types below.
1. Network services
Carried out both locally and remotely, this test detects security flaws in the organization’s
network infrastructure by covering high-priority aspects such as servers or workstations. As part of
quality assurance, the engineers make sure that a company can withstand a
number of widespread attacks, including SSH, DNS, database, and proxy server hacks, and more. Since the
network is an essential part of any organization and is responsible for business continuity, it’s wise to
perform both external and internal penetration tests.
2. Web application
This time- and effort-consuming penetration test helps identify vulnerabilities in web
applications, browsers, and multiple components like APIs by identifying every part of
the apps leveraged by users. Performed professionally, it traces the most pervasive application weak
points, from bad session management to issues in code.
3. Social engineering
Generally, the core objective of cybercriminals is to deceive users into willingly providing
the desired sensitive data, such as credentials. Amid the COVID-19 outbreak, this type of testing has taken on a leading role
due to the boost in phishing schemes. To identify security bottlenecks, the engineers use social
engineering attacks such as phishing, scareware, tailgating, and others.
4. Wireless
In this case, the QA team looks for any weak points that can be used across the extensive chain of
devices, from laptops to smartphones, connected to the corporate Wi-Fi. Accordingly, QA
teams frequently run these tests onsite to be within range of the signal. Wireless penetration
testing matters a great deal, since without regular quality assurance intruders can obtain unauthorized
access to the organization’s network by applying diverse Wi-Fi hacking tools.
5. Physical
These kinds of tests often do not receive appropriate attention, which is a big mistake. By making use
of various security loopholes, attackers can sneak into a server room and take control of a
network. To prevent such a case, it’s vital to spot vulnerabilities in sensors and locks in advance.
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.