What is a vulnerability assessment?
Vulnerability (or "vuln") testing is an effort to measure the effectiveness of network security controls from a technical standpoint. An engineer (i.e. white-hat hacker) performs a series of scans to identify potential weaknesses that, left unchecked, could allow an attacker to compromise the system and/or data integrity.
What is a penetration test?
A penetration (or "pen") test is performed by an engineer (i.e. white-hat hacker) as a more intense version of the standard vulnerability assessment. The goal is to validate weaknesses using manual methods to emulate a malicious attempt to compromise a system and/or data integrity.
What are the different types of penetration tests?
There are four main types of penetration (or "pen") tests.
- External: By far the most common type of penetration testing, an engineer (i.e. white-hat hacker) attempts to remotely exploit vulnerabilities to gain unauthorized access to the victims network.
- Internal: An engineer attempts to gain access and to escalate privileges to administrator level within the internal network. This test is performed on location and requires only a simple Ethernet port to run exploits and identify weaknesses that could provide a point of entry.
- Wireless: An engineer performs an internal penetration test using an existing WIFI connection instead of an Ethernet port.
- Web Application: Engineers utilize tools and testing methods to determine if a web application is susceptible to known vulnerabilities. This test can be performed from both unauthenticated and authenticated perspectives.