A pentest or pentesting exercise involves analyzing the weaknesses of an asset by performing the same tests that a real attacker would perform. The purpose is to correct any vulnerability before an attacker exploits it.

Depending on the type of asset, the most common pentests are:

External Pentest

External penetration tests simulate cyberattacks from outside the organization’s network perimeter to identify and exploit the security vulnerabilities available to external attackers. Any asset that is exposed to the internet is analyzed.

Internal Pentest

Internal penetration tests focus on evaluating the security of office networks, systems, and internal applications of an organization from the perspective of an internal threat or a compromised internal user account.

Web Pentest

Penetration testing of web applications involves evaluating the security of web-based applications by simulating attacks to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure authentication mechanisms.

Mobile Pentest

Penetration testing of mobile applications evaluates the security of mobile applications running on various platforms (for example, iOS, Android) to identify vulnerabilities that attackers could exploit to compromise user data or device functionality, as well as ways in which the app’s implementation can affect back-end services.

Wireless Pentest

Wireless penetration tests involve evaluating the security of networks, protocols, and wireless devices (for example, Wi-Fi routers, access points) to identify vulnerabilities and possible attack vectors.