types of pen tests

Types of Penetration Testing

By Dr. Rey LeClerc Sveinsson, ERMProtect

A penetration test, also referred to as a pen test or ethical hacking, typically involves a team of security professionals, working to penetrate a company’s networks or servers. They do this by finding vulnerabilities and then exploiting them. Penetration tests are an effective defense mechanism because they mimic real-world attacks. They allow you to see the weak points in your cybersecurity perimeter — whether that be backdoors in the operating system, unintentional design flaws in the code, or improper software configurations.

Penetration tests are designed to be intense and invasive. They can be conducted on hardware, software, or firmware.

Penetration testing can fall into one of these categories:

1.      Black box testing

Black box testing is concerned with a brute-force attack. In this scenario, the simulation is that of a hacker who does not know the complexity and structure of a company’s IT infrastructure. Therefore, the hacker will launch an all-out attack to try to find and exploit a weakness. The penetration tester is not given any information about a web application, its source code, or any software architecture. The tester uses a “trial and error” approach to see where the vulnerabilities exist in the IT infrastructure. This type of penetration testing most closely mimics a real-world scenario, but it can take a long time to complete.

2.      White box testing

White box penetration testing is the opposite of this first technique. In white box testing, the tester has full knowledge of the IT infrastructure, with access to the source code and software architecture of a web application. This gives them the ability to zero in on specific parts of the system and perform targeted component testing and analysis. It’s a faster method than black box testing. However, white box penetration testing uses more sophisticated pen testing tools, such as software code analyzers or debugging programs.

3.      Gray box testing

Gray box testing uses both manual and automated testing processes in a scenario in which the tester has partial knowledge of the internal IT infrastructure. The tester might receive the software code, for example, but not the system architecture details. Gray box penetration testing is a hybrid of white box and black box testing, allowing the pen tester to use automated tools for an all-out assault while focusing manual effort on finding “security holes.”

These overarching types of penetration testing methods can be further subdivided into specific types that include:

Social engineering tests

With a social engineering penetration test, the tester tries to persuade or fool employees into supplying sensitive information, such as a username or password. There are a variety of social engineering penetration attacks, including phishing, vishing, smishing, impersonation, tailgating, whaling attack, pretexting, baiting, or dumpster diving, among others. Improving employee awareness by supplying training on common social engineering attacks is one of the best ways you can prevent an attack from occurring or succeeding.

Web application tests

Web application penetration testing looks to gather information about the target system, find vulnerabilities, and then exploit them. The end goal is to completely compromise the web application. This pen test uses software to assess the security vulnerability of web apps and software programs. These tests are more thorough and detailed. As a result, scoping is important as a significant amount of time and resources must be devoted to adequately test the entirety of a web application.

Physical penetration tests

In a physical penetration test, the ethical hacker tries to get past the physical security barriers and gain access to your business’ security infrastructure, buildings, or systems. It assesses the various physical controls you have in place, including barriers, cameras, sensors, locks, alarms, security guards, among others.

Network penetration tests

Network penetration testing finds security vulnerabilities in networks, systems, hosts, and devices by purposefully using malicious techniques to assess the network’s security responses. The goal of network penetration testing is to find security exploits that put your business at risk of a data breach before hackers can discover and exploit them. Ethical hackers try to break into the network by using any means necessary, specifically, by using methods a real hacker would use. Network penetration testing provides one of the highest levels of security assurance a business can have.

Client-side penetration tests

Client-side penetration testing, also known as internal testing, is the act of exploiting vulnerabilities in client-side application programs such as an e-mail client, web browsers, Macromedia Flash, Adobe Acrobat, and others. Client-side security requires penetration testing because client-side attacks can quickly compromise your critical assets and information. It is vital to assess your employee’s susceptibility and your network’s capability to recognize and respond to the client-side attacks. One of the biggest client-side vulnerabilities often occurs when an unpatched software exists on a laptop or desktop. A hostile actor could exploit a vulnerable application through a specifically crafted email or by enticing the employee to visit a malicious web page.

Wireless penetration tests

This pen test shows open, unauthorized, or low-security hotspots and Wi-Fi networks and tries to infiltrate through them. Wireless pen testing is a method that supplies detailed information on all vulnerabilities related to your Wi-Fi networks. It’s a deep dive into what networks exist, how powerful their security is, and what devices connect to them — and how.  Wireless pen testing includes connectivity to devices such as desktop and laptop computers, tablets and mobile devices and Internet of Things (IoT) devices.


All types of penetration testing should consider both internal and external components of an IT infrastructure. Finding vulnerabilities present in the system is the first major step in this process. This is followed by corrective action that must be taken on vulnerabilities to address these findings. The same penetration tests should be repeated until vulnerabilities are not found.

ERMProtect Penetration Testing

An organization’s goal should be to avoid a data breach entirely. This entails penetration testing, investments in technological infrastructure, excellent vulnerability, and risk management, etc. Although some functions may be automated, pen testing relies heavily on skilled, experienced professionals who are able to analyze systems in the same way that hackers would.

ERMProtect can recommend penetration tests needed for your specific business domain and IT infrastructure. Additionally, ERM Protect can advise on the necessary procedures and investments aimed at building a more secure environment within your organization.

Click here to get a pen test quote or contact us at 800-259-9660 or at [email protected].

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

NIST Cybersecurity Framework

Complete Guide to the NIST Cybersecurity Framework 2.0

In this comprehensive guide, we explain in simple terms every aspect of complying with the NIST Cybersecurity Framework 2.0 …
Musings From a Pen Tester’s Diary

Musings From a Penetration Tester’s Diary – Part 2

We asked Akash to take a trip down memory lane and discuss some of his more interesting intrusion cases. This is Part 2 of “Musings from Pen Tester’s Diary.” …
Musings From a Pen Tester’s Diary

Musings From a Penetration Tester’s Diary – Part 1

Ever want to peek inside the mind of an ethical hacker? Akash Desai, our Director of IT Consulting for 18 years, is sharing his diary of experiences “hacking” banks, factories, fire departments, airports, etc …