Penetration Testing
Physical Pentesting
Testing an organization’s physical security through testing locks, access cards, security cameras and other protective measures
Offensive Pentesting
Also called Red Teaming
It is a proactive approach that involves the use of attack techniques, akin to real cyber threats, that seek and exploit system vulnerabilities
Defensive Pentesting
Also called Blue Teaming
It is a reactive approach that entails fortifying systems, identifying and addressing attacks and enhancing incident response times
Integrated Pentesting
Also called Purple Teaming
Combination of aspects of both offensive and defensive testing into a single penetration test
Pentesting Environments
Known Environment
Detailed target infrastructure information from the organization is received
Evaluate vulnerabilities and weaknesses in known systems
Similar to an Insider Threat attack
Partially Known Environment
Limited information was provided to testers who may have partial knowledge of the system
The aim is to identify vulnerabilities in both known and hidden assets
Scenario attack has gained some information through a previous attack
Unknown Environment
Testers receive minimal to no information about the target system
Mimic a real-work attack where an attacker has limited information about assets