Open-box pen test
In an open-box test, the hacker is furnished with certain information beforehand about the target company’s security infrastructure.
Closed-box pen test
Also recognized as a ‘single-blind’ test, this approach involves the hacker receiving minimal to no background information, aside from the name of the target company.
Covert pen test
Also referred to as a ‘double-blind’ pen test, this is a scenario in which almost no one within the company is aware that the pen test is taking place, including the IT and security professionals responsible for responding to potential attacks. In covert tests, it’s crucial for the hacker to have comprehensive written details regarding the scope and other specifics of the test beforehand to prevent any potential issues with law enforcement.
External pen test
During an external test, the ethical hacker focuses on evaluating the company’s external-facing technology, including its website and external network servers. In certain instances, the hacker may be restricted from accessing the company’s premises. This could entail executing the attack from a remote location or conducting the test from a parked truck or van nearby.
Internal pen test
During an internal test, the ethical hacker conducts the assessment from within the company’s internal network. This type of test is valuable for assessing the potential damage that a disgruntled employee could inflict from within the company’s firewall.