Your company’s network transmits sensitive data every day. You have data coming in and going out. You also have a firewall in place to regulate what happens to this data and how it interacts with your computer systems.
But no firewall is perfect. And hackers come up with new techniques regularly. You need to test your security measures constantly to ensure they’re doing their jobs.
That’s where PEN testing comes in. This article explains what PEN testing is and the various types your organization may use.
Summary: PEN testing is short for penetration testing. It’s a technique that security professionals use to conduct a simulated attack on your computer network and systems. These attacks are a form of ethical hacking designed to expose security gaps so that companies can create fixes and close potential entry points. Types of PEN testing include wireless penetration testing, web application testing, and social engineering. Each has its own purpose and focus in uncovering security weaknesses.
What is PEN Testing?
PEN testing is short for penetration testing. It’s a technique that security professionals use to highlight issues with network security and identify the security measures they need to put in place. The goal is to check for vulnerabilities in a system so they can be fixed before hackers learn of and exploit them.
PEN testers attempt to breach applications and computer systems using hacking techniques. These may include attempts to inject malware or stress testing efforts, such as conducting Distributed Denial of Service (DDoS) attacks. The insights gained from PEN testing are used to patch security gaps and fine-tune security policies.
The PEN testing process varies slightly based on the tools PEN testers use. However, there are generally five key stages that all PEN tests incorporate:
Step No. 1 – Planning
The penetration testers define the scope of the hacking attempt, including which systems they’ll test, the penetration testing tool used, and what they intend to find. They’ll also gather more information about the organization’s network. This allows the testers to understand how the target application works and the areas that real-world attacks might target.
Step No. 2 – Scanning
Before attempting to hack a piece of software, PEN testers scan the software’s code to understand how it works. These scans include static analysis to look at the base code and estimate how it behaves. Some tests include dynamic analysis, which inspects how the code runs in real time.
Step No. 3 – Gaining Access
This is the stage where attacks against the software occur. Penetration testers use a variety of techniques, such as exploiting backdoors, cross-site scripting, and SQL injection to gain access. These efforts simulate a real-world cyber-attack because they exploit vulnerabilities in the software’s code.
Step No. 4 – Maintaining Access
Gaining access highlights exploitable vulnerabilities.
Maintaining access shows that a hacker could use those vulnerabilities to cause serious damage. The testers try to maintain access long enough to demonstrate if the security issue could lead to data breaches and other security concerns.
Step No. 5 – Analysis
Of course, penetration testing only simulates real attacks up to a point. Once the testers have established that they can gain and maintain access, the test ends. From there, they analyze the testing process and create a detailed report about what they found.
This report usually details the vulnerabilities the hacker exploited and what data they could access. These reports also highlight the amount of time the testers managed to maintain access before they were detected, assuming they were detected at all.
The PEN Testing Types
Organizations must understand the different PEN testing types before they begin testing a computer system. This ensures they conduct the right penetration tests to examine the security controls they have in place.
Type No. 1 – Wireless Penetration Testing
Wireless technology is common in modern office and business environments. Most businesses have wireless local area networks (WLAN) that all of their computers and work devices can connect to. The idea behind having a WLAN is to ensure that nobody from outside the network gains access.
Wireless PEN testing ensures that’s the case.
PEN testers examine a range of wireless protocols, such as ZigBee and Bluetooth, in addition to the WLAN itself. Their goal is to establish any existing security flaws, which may include encryption weaknesses or rogue access points that hackers can exploit.
To carry out these tests, a security team needs to know which unique Service Set Identifiers (SSIDs) they need to test and how many networks the organization maintains.
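The checks described above can be run over a wireless survey once the in-scope SSIDs are known. The following is an added example, not part of the original article: every SSID, BSSID and scan row is constructed sample data, and the policy that anything below WPA2 counts as weak is an assumption.

```python
# Added example: audit a wireless survey against the in-scope SSID inventory.
# All SSIDs, BSSIDs and scan rows below are constructed sample data.

# Inventory agreed during planning: SSID -> authorized access point BSSIDs.
AUTHORIZED = {
    "CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "CorpGuest": {"aa:bb:cc:00:00:10"},
}

# Assumption: the organization's policy requires WPA2 or better.
WEAK_ENCRYPTION = {"OPEN", "WEP", "WPA"}

# Constructed survey output: one dict per observed access point.
SCAN = [
    {"ssid": "CorpNet", "bssid": "AA:BB:CC:00:00:01", "enc": "WPA2"},
    {"ssid": "CorpNet", "bssid": "de:ad:be:ef:00:99", "enc": "WPA2"},    # same name, unknown radio
    {"ssid": "CorpGuest", "bssid": "aa:bb:cc:00:00:10", "enc": "open"},  # authorized, unencrypted
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "enc": "WPA2"}, # not the organization's
]


def audit(scan, authorized=AUTHORIZED):
    """Return (findings, missing) for the observed access points."""
    findings = []
    seen = set()
    for ap in scan:
        ssid, bssid, enc = ap["ssid"], ap["bssid"].lower(), ap["enc"].upper()
        if ssid not in authorized:
            continue  # outside the agreed test scope
        if bssid not in authorized[ssid]:
            # Broadcasting an in-scope SSID from an unlisted radio: possible rogue AP.
            findings.append((ssid, bssid, "unlisted-bssid"))
            continue
        seen.add((ssid, bssid))
        if enc in WEAK_ENCRYPTION:
            findings.append((ssid, bssid, "weak-encryption"))
    # Authorized access points the survey never saw: the inventory may be stale.
    missing = sorted(
        (ssid, b) for ssid, bssids in authorized.items() for b in bssids
        if (ssid, b) not in seen
    )
    return findings, missing


if __name__ == "__main__":
    findings, missing = audit(SCAN)
    for row in findings:
        print("FINDING", *row)
    for row in missing:
        print("NOT SEEN", *row)
```

An unlisted BSSID is a lead to investigate, not proof of a rogue device; it may be a legitimate access point that was never added to the inventory.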
Type No. 2 – Network Service Penetration Testing
These PEN tests are designed to highlight security vulnerabilities within a network’s infrastructure. This infrastructure comprises all of the hardware and software required to keep the network running. Servers, routers, printers, workstations, and firewalls all fall under this umbrella.
Simply put, if it plays a part in running the network or if it connects to the network, it’ll be part of this type of PEN testing.
Security teams use a range of testing tools for these types of tests because there are many types of attacks hackers can use to compromise a network:
· Bypassing firewalls
· Attacking databases
· Router attacks
· Proxy server attacks
· Backdoor access through open ports
· Man in the middle (MITM) attack
Testers recommend conducting external and internal network testing.
External Network Penetration Testing
Testers use any publicly available information they can find about your company and its externally-facing products in these tests. Such information can include company email addresses made available to the public and even your company website.
The tester may also look for data breaches to discover information shared by malicious hackers that may not be in the general public domain. This means they’re using the same tools that real-life hackers use to break into a network.
Often, the data extracted by the testers in external PEN testing is used to crack passwords. It only takes one successfully cracked password to provide a hacker with enough access to find sensitive data.
Internal Network Penetration Testing
Internal testing focuses on the role that a malicious insider could play in exploiting vulnerabilities. The tester assumes the role of an employee who has legitimate access to the company’s internal network based on the organization’s existing controls. They then use this legitimate access to test the internal system’s security and uncover vulnerabilities.
Think of this type of testing as a role-playing exercise. It allows a company to simulate what would happen if an employee goes rogue and tries to hack a system from the inside. The data gathered enables the company to implement better access controls over employees and tighten up security on its most confidential or valuable data.
Type No. 3 – Social Engineering Penetration Testing
A company’s staff are only human.
And as humans, they’re liable to make mistakes. In most cases, these mistakes are minor enough to not cause any major security concerns. However, some staff members could expose confidential information unintentionally through their blunders.
Social engineering testing is designed to ensure staff doesn’t make these mistakes.
Phishing is a good example of a scam that unwary staff members can easily fall victim to. Using specific PEN testing tools, a PEN tester can create a fake phishing email that circulates around an office. This email tests the company’s spam filters and checks to see that staff is informed enough about phishing emails to avoid clicking on them.
If this test email gets any clicks, there’s a clear issue with a system’s defenses that could allow hackers to steal data. That issue is simply that the staff doesn’t know enough to avoid the mistakes that lead to malicious parties getting access. Additional training and education should then be organized to ensure staff members know what to look out for in the future.
Social engineering tests also examine other common causes of a data breach, such as employees sharing personal information that could be used to guess their passwords.
Type No. 4 – Web Application Testing
Many companies create web applications designed to deliver their services over the internet. You likely use many of these applications in your daily life. If you’ve ever logged into Netflix using your laptop, you have the perfect example.
Much like the enterprise software that companies use, web applications can have security vulnerabilities. Furthermore, those vulnerabilities can cause major problems because web applications usually require users to sign up with personal information and their credit card details.
A successful hacking attempt could lead to these web apps giving up data that facilitates identity theft and financial fraud.
For a web app penetration test, the tester must identify the static and dynamic pages available on the app, in addition to any input fields that collect data. This can be a monumental task for an application like Netflix, which offers thousands of streaming movies and TV shows.
The testers also have to examine any plugins the app uses, such as ActiveX or Silverlight. Even if the app itself is secure, issues with the components used to create the app could provide the basis for an exploited system. As such, the ethical hackers involved in PEN testing need to look beyond the target environment of the app itself and toward anything the app requires to provide its service.
Type No. 5 – Client-Side Penetration Testing
Every piece of software you use has two sides. There’s the backend side operated by the provider, which covers all of the code, servers, and equipment needed to provide the software to the user. Then, there’s the client side, which is what the applications display to the client.
Client-side penetration testing is used to ensure that what’s delivered to the user doesn’t present security risks to the software provider.
Almost every program or web browser you use is subject to this type of testing. A typical client-side PEN test looks for several key issues:
· Form hijacking
· Malware infection
· HTML injection
· Cross-site scripting attacks
· Open redirection
The idea is to ensure that cyberattacks affecting the end user aren’t capable of bleeding over into the provider’s software.
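Open redirection, one of the issues listed above, is typically fixed by validating the redirect target on the server before it is sent back to the browser. The following is an added example, not part of the original article: the host name app.example.com and the function name are hypothetical.

```python
# Added example: validate a user-supplied redirect target (e.g. a "next" parameter)
# so the application never redirects users to a site it does not control.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # hypothetical host name for the application


def safe_redirect_target(next_url, default="/"):
    """Return next_url only if it stays on the application; otherwise the default."""
    if not next_url:
        return default
    # Browsers treat backslashes like slashes and ignore surrounding whitespace.
    candidate = next_url.strip().replace("\\", "/")
    # Reject embedded control characters (tabs, newlines) that parsers may drop.
    if any(ord(c) < 0x20 for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. an unterminated IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: allow only https to a known host.
        if parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS:
            return candidate
        return default
    # Relative URL: must be a single-slash path on this site.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return default


if __name__ == "__main__":
    # Constructed inputs covering the cases a client-side test would try.
    for value in ["/account/settings", "//other.example.net", "javascript:alert(1)"]:
        print(repr(value), "->", safe_redirect_target(value))
```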
Type No. 6 – Physical Penetration Testing
Though most PEN tests focus on digital aspects, such as software and hardware, companies also have to consider physical security breaches. For example, a malicious party could steal an ID card to gain access to a building containing computer servers. With that physical access, they’d be able to wreak havoc without the company realizing until it’s too late.
Alternatively, the hacker could gain access by posing as somebody who would normally receive access, such as a delivery person.
Physical PEN tests simulate these types of real-world security breaches.
The tests often involve a penetration tester entering a facility under false pretenses. This tests a company’s security personnel by examining whether they’re capable of spotting fake ID documents. Failure to pass these tests suggests that security personnel need more training.
Other types of physical tests can involve literal break-in attempts. In these situations, the testers try to break through any physical security measures a company has, such as ID card readers, biometrics, and metal detectors. Again, the goal is to establish whether somebody could gain physical access to valuable hardware.
Type No. 7 – Mobile Application Penetration Tests
Mobile apps present several risks if they’re not subjected to targeted testing. The app could offer backdoor access to a user’s phone if it doesn’t have appropriate authentication in place. This could lead to data leakage where a hacker gains access to the data, photos, and other information stored on the user’s phone.
That’s a serious problem because this information is used for many purposes. Hackers could steal compromising photographs that they later use to blackmail the owner of the phone. Or, they could take financial information, such as bank account details, that allow them to steal money.
On the app creator’s side, this type of testing also needs to look for issues related to session handling and if the app complies with Android and iOS requirements. They also need to know if the app is still secure on older versions of the Android and iOS operating systems.
Type No. 8 – Configuration Reviews
Every new network needs to be configured to work properly. Configuration reviews focus on finding mistakes in coding and settings that a hacker could exploit. These are extensive tests that can include examining routers, firewalls, web servers, application servers, and any internal software the company uses to do business.
Misconfigurations often create vulnerabilities because they prevent a network from working exactly as it’s supposed to. Even if everything seems fine on the client side, mistakes on the back end can be exploited.
Frequently Asked Questions
What’s the difference between pen testing and vulnerability scans?
Vulnerability scans use automated tools to test for security issues. While this is useful, the testing doesn’t involve expert knowledge that a hacker may have. PEN testing builds on vulnerability scans through the use of ethical hacking techniques that simulate the expertise of real-world hackers.
Why is pen testing important?
Without PEN testing, organizations leave themselves and their customers open to exploitation. PEN testing reveals what’s wrong with a security system so the issues can be fixed.
Who performs penetration tests?
Some companies have in-house security teams to perform PEN tests. Others may have to hire a third party to handle the testing for them. But in all cases, PEN testing teams are made up of ethical hackers and similar security experts.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.