This is the second in a series of my posts on Penetration Testing. Please look for tomorrow’s.

Today’s is an introduction into types on Penetration Tests. It is important to remember that Penetration Testing is done on mobile devices, technology in airplanes and boats and so much more than just infrastructure associated with networks.

Some Types of Penetration Tests

  • Client-side test: This test can find vulnerabilities and exploit web browsers, editing programs and more.
  • Network services test: This can be done remotely to see what can be accessed or internally to see how much a disgruntled employee with good skills can access.
  • Remote dial-up war dial: This is used to test modems and is done via countless guessing of passwords or by logging into connected systems using brute force.
  • Social engineering test: This is using a `line` to convince someone to give you information. For instance a penetration tester calling the secretary asking for the managers password because he forgot to give it for the penetration test. Yes people do give away such information when there is trust.
  • Web application test: This is used to find the vulnerabilities in web-based applications and programs
  • Wireless security test: This is used to find either unauthorized access points or security weaknesses in authorized wireless access points.

Hints and Notes

Network Footprinting (Reconnaissance) There are two types of penetration tests, Active and Passive. Passive is getting as much information as possible using tools but not actually penetrating and may also involve social engineering. It is researching while remaining undetected. The second, Active, is using tools to actually penetrate.