TYPES OF PENETRATION TESTING
TYPES OF PENETRATION TESTING
Overt Penetration Testing:
Using overt penetration testing, you work with the organization to identify
potential security threats, and the organization’s IT or security team shows you
the organization’s systems. The one main benefit of an overt test is that you
have access to insider knowledge and can launch attacks without fear of
being blocked. A potential downside to overt testing is that overt tests might
not effectively test the client’s incident response program or identify how
well the security program detects certain attacks. When time is limited and
certain PTES steps such as intelligence gathering are out of scope, an overt
test may be your best option.
Covert Penetration Testing:
Unlike overt testing, sanctioned covert penetration testing is designed to sim-
ulate the actions of an attacker and is performed without the knowledge of
most of the organization. Covert tests are performed to test the internal
security team’s ability to detect and respond to an attack.
Covert tests can be costly and time consuming, and they require more
skill than overt tests. In the eyes of penetration testers in the security industry,
the covert scenario is often preferred because it most closely simulates a true
attack. Covert attacks rely on your ability to gain information by reconnais-
sance. Therefore, as a covert tester, you will typically not attempt to find a
large number of vulnerabilities in a target but will simply attempt to find the
easiest way to gain access to a system, undetected.
Comments
Post a Comment