Basics

Internal Penetration Testing

Network Penetration testing can be classified into two types: internal and external. In internal pen testing, an attacker may have authorized access or start from a point within the internal network, making insider attacks more formidable since the attackers have valuable knowledge about the network and its components. As a Pentester, it is crucial to be proficient in enumerating target networks, users, services, conducting vulnerability assessments, exploiting vulnerabilities, and acquiring escalated privileges to the target.

External Penetration Testing

External Penetration Testing determines the potential security risks posed outside of the network perimeter. It examines an organization's systems and network for vulnerabilities such as missing patches, weak authentication, unnecessary services, and weak encryption that could be used by attackers to disrupt the confidentiality, availability, or integrity of the network. Vulnerability scanning plays a crucial role in any penetration testing engagement, allowing organizations to address every weakness before attackers exploit them.

Therefore, in-depth security testing often includes port scanning, network scanning, and vulnerability scanning to identify IP/hostname, live hosts, and vulnerabilities. A Pentester can then proceed to list the threats and vulnerabilities found in the organization's network and take specific preventive countermeasures to mitigate them.

PreviousJavaScript Obfuscation/Deobfuscation NextNmap favorites

Last updated 4 months ago

Basics

Internal Penetration Testing

External Penetration Testing

PreviousJavaScript Obfuscation/Deobfuscation NextNmap favorites

Last updated 4 months ago