November 2, 2022

An Introduction to Penetration Testing: Part II

Different types of penetration testing, tools for penetration testing, when to perform it, benefits, skills needed and go over career path and salaries again

In the first part of our Penetration Testing blog series, we provided an overview of exactly what penetration testing is, why it’s used and how to carry it out. In the second part we will take you one step further and explore: the different types of penetration testing, the tools required to carry out penetration testing and when to perform it.

Before we start though, let’s just recap exactly what Penetration testing is:

“Penetration testing, also known as a pen test or ethical hacking, is a simulated cyber attack carried out by a company on its own computer system in order to assess its vulnerability to outside threats.”

Now that we have our definition, let’s dive back into part two.

What are the different types of Penetration Testing?

This can be split into two sections.

1. Penetration testing based on knowledge of the target:

Black Box

  • When the attacker does not know the target, then it is called black-box testing. Here the Pentester uses automated tools to find the vulnerabilities and loopholes of the systems which can often take quite a lot of time

White Box

  • This is where a  Penetration Tester has full knowledge about the target. Here white box testing takes less time when compared to black-box testing

Grey Box

  • When the tester has a bit of information about the target, it is referred to as grey box penetration testing 

2. Penetration testing types based on the position of tester:

  • External penetration testing – Testing conducted outside the network
  • Internal penetration testing – Testing conducted inside the network
  • Targeted testing – Performed by the organisation’s IT team and the Pen testing team
  • A blind penetration test –  Tester with no prior information except the organisation name
  • Double-blind test – Only one or two people within the organisation might be aware of a test

What are the Tools Used by a Penetration Tester?

The important tools used are:

  • NMap – This tool is used to trace the route, vulnerability scanning, port scanning, etc…
  • Nessus – Traditional network-based vulnerabilities tool.
  • Pass-The-Hash – This tool is used for password cracking.
  • Nessus – This tool is used for network and web application vulnerability scanners.
  • Wireshark – This tool is used for profiling network traffic and for analyzing network packets.

When to Perform Penetration Testing?

This is a process that needs to be performed regularly for securing the system. It is advised to also perform the task: 

  • When the security system identifies new threats by attackers
  • When you add a new network infrastructure
  • When you set up a new program/ policy
  • When you update your system or install any software

What are the benefits of Penetration Testing?

  • Enhancement of the Management System − this will provide detailed information about the security threats and it will also measures the vulnerabilities levels and suggest to you, which one is the main priority and which one is less so. This feature helps the Pentester to accurately manage the security system
  • Avoid Penalties: Fine − will help in keeping major activities updated in an organisation whilst also protecting you from giving fines
  • Avoid Financial Damage − can protect your organisation from a simple breach of a security system that may cause millions of pounds of damage
  • Customer Protection − can protect your organisation and ensure that you keep your customer’s data intact and this will in turn help in avoiding financial and reputation damage

Thus ends our two part series on Penetration Testing, we hope this has given you a detailed understanding of exactly what penetration testing is, why it is necessary and just how it is carried out and it’s importance.

If you would like to find out more about a career as a Penetration Tester – please contact our team of dedicated Course and Career Advisors and we can provide you with a step by step guide of just how to achieve this goal. Contact us today.


You may also like


4 Jobs You Can Get With A CompTIA A+ Qualification

The CompTIA A+ qualification is the perfect starting point for anyone who is looking to start their I.T. career. Before we go into just a selected few roles which you can apply for it’s essential to quickly recap exactly what you’ll learn with the qualification and...

Oct 23, 2023

What is the CompTIA A+ Qualification?

The technology industry is one of the fastest growing industries in the world. Every year, new technologies are developed and released, and the demand for qualified IT professionals grows along with it. If you're considering a career in IT, now is the time to make...

Oct 14, 2023

What is an Ethical Hacker?

In today’s blog we want to look at ethical hacking, there’s no doubt you’ve seen the role and have been attracted to the salary but what exactly is an ethical hacker? In an era where technology is involved in every aspect of our lives, ensuring the security and...

Jun 20, 2023

What are phishing emails?

“75% of all cybercrimes start from an email” This is a truly shocking statistic. In today's digital age, email has become an integral part of our lives. We use it for personal and professional communication, online shopping, and even financial transactions. While...

Apr 25, 2023

Red Team VS. Blue Team

Cyber security is a vital aspect of modern-day business operations. With the increase in cyber threats, companies need to have robust security measures to protect themselves from these threats. Two terms that are commonly used in cyber security are red team and...

Apr 17, 2023

How To Protect Yourself From Cyber Attacks

In today's digital age, the internet has become an integral part of our lives. While it has made our lives easier, it has also made us vulnerable to cyber attacks. Cyber attacks can take various forms, such as phishing scams, ransomware attacks, identity theft, and...

Apr 4, 2023

Defining a cyber attack and how to stop them

A cyber attack is a deliberate attempt by an individual or a group to exploit a vulnerability or weakness in a computer system or network in order to gain unauthorised access, steal information, disrupt normal operations, or cause damage to the system or network....

Mar 28, 2023

Can You Get Into I.T. Without A Degree?

Today, in this blog, we want to abolish a major myth. It’s a question that comes up over and over again. It stops people who have the potential to pursue an IT career from actually doing so. And it’s this statement: “Don’t I need a degree to work in IT?” If an IT...

Mar 20, 2023

The Next Steps Up The Job Ladder & The Certifications Required

In our most recent blog post we identified how the CompTIA A+ and other entry-level certifications prepare you for an entry-level IT position. However, the value of obtaining a certification doesn’t just stop with entry-level roles. There are a plethora of further...

Mar 10, 2023