With demand for penetration tests rising, the Nexigen team has lately been receiving many generic requests for a “penetration test.” Customers are often surprised that we can’t provide a one-size-fits-all approach to these tests. This article aims to demystify some of the basics.
Basic Penetration Testing consists of enumerating the vulnerabilities a hacker can exploit, validating them, and then reporting them to the customer. This is very basic, and doesn’t exploit some of the most common “attack vectors” that are responsible for the big, news-generating breaches of the past few years. The attacks tested include cross-site scripting, SQL injection, and Heartbleed (a vulnerability we still find frequently).
Advanced Penetration Testing adds testing of some of these common threat vectors, such as phishing and social engineering. These testing methods include sending emails to your users to gather usernames and passwords, dropping USB drives with malicious code, and calling users to see if we can get them to allow us access to their computers.
Physical Penetration Testing consists of an attacker simulating a break-in at your facility in order to steal equipment or information. During these tests, testers will typically hang a flag or take a picture inside a privileged area to prove that they were able to break in. Common techniques include social engineering (charming their way past security or receptionists), lock picking, and checking for movement through plenums and open ceilings.
Vulnerability Scans are not penetration tests, but can help to discover risks before an attacker exploits them. A vulnerability scanner will discover well-known vulnerabilities, report the CVSS score, and provide remediation notes on how to fix the problems. The lack of validation in a vulnerability scan can lead to “false positives,” causing you to work on issues that may or may not actually impact your production environments.
These levels directly reference the Nexigen service offerings, but are common practices in any penetration test you might buy in the future. If you have any questions, please reach out to firstname.lastname@example.org.