Penetration tests come in a few different flavors - here's a brief breakdown of each:
Internal penetration test
I'll use port/vulnerability scans to identify risks on your network, and then use various tools and techniques to leverage those risks the way an attacker would. Goals of a penetration test can include:
- Accessing sensitive/secret company data
- Cracking user passwords
- Planting backdoors
- Exfiltrating data out of the network
External penetration test
Similar to an internal pentest, only the focus will be your external-facing endpoints such as mail servers, VPN portals and firewalls. I'll also look at what your company looks like from an external perspective, asking myself questions like:
- What can an attacker learn about your company's physical locations?
- What sensitive information might your employees be posting on Twitter and Facebook?
- What can I learn about your company's network simply by analyzing files on your public Web site?
- Can I find usernames/passwords for your employees on the dark Web?
Web site / web app penetration test
In this type of test, I'll look for vulnerabilities within a Web application - things like SQL injection, cross-site scripting, authentication issues, and more. I use a combination of manual tools and techniques (while following the OWASP methodology) for these types of tests. Common targets include:
- Custom web applications
- Remote access / VPN portal