Penetration testing is an extremely important testing aspect when we consider the optimum level of security for any system pertaining to crucial importance. It can be defined as a simulation testing done to check how the system security reacts to an actual attack. As it would be evident, penetration testing is done to check the weak points in the system and test the security features incorporated by the security team and gauge the overall security level of the system. A system referred to in the article can range from a simple computer system to a complex network.
Depending upon who performs the penetration testing, who all in the company is viewing the test results and the level of brutality if the test penetration testing is classified into various categories:
- Target testing: Just like a doctor performs tests to confirm his diagnosis, these types of tests are carried out in specific areas, and the test and its results are open for viewing to all.
- External testing: This type of testing, as the name suggests, is carried out to check how far can an external attacker enter into the system from outside.
- Internal testing: This type of testing tests a hypothetical situation when some employee of the office from within attacks the security system of the company and poses a threat. This test checks the extent of damage done in such situations.
- Blind testing: A blind testing is generally done secretly with just the security team knowing about it. The rest of the company is unknown about the test. Due to the added levels of secrecy to be maintained and high sophistication required to fabricate a real attack, the cost of these tests is high.