Cybersecurity is a massive field with many different roles and responsibilities. Penetration testing is only a small facet of cybersecurity, yet it also covers many areas. It can seem overwhelming to get started in penetration testing due to the massive amount of information that testers need to ingest and internalize, so picking a specific area and specializing, especially in the beginning, can be a good idea. Understanding the differences between different types of penetration tests is the first step to understanding what a good specialty may be, then all that is left is to dive in.
What Types Of Penetration Tests Are There?
Specializing in penetration testing will mean that you will learn as much as you can about a specific type of test and try to carve out a niche as a subject matter expert. This can take time and focus to become skilled at any type of penetration test, so picking a good area to focus on early is a wise decision. This way, only a little time will be spent on something you may not enjoy.
When many people think of penetration testing, they may be thinking of network penetration testing. This is one of the more common paths for those new to penetration testing to explore. This testing involves dealing with a wide range of technologies and protocols. It can be done from many different perspectives with many different goals. The common penetration tests done in this style will be external penetration tests and internal penetration tests.
Network testing is popular since it is often perceived as more exciting than other types of testing. Major vulnerabilities can be surprisingly common during an internal penetration test, where systems are often falsely assumed to be secure if they are not internet-facing. This can lead to some exciting and impactful findings that let the penetration tester breeze through complex systems. External tests, while often more secure, follow a similar approach with thinking outside the box to poke at any weaknesses in the customer’s external network.
One reason many people will specialize in network penetration testing is that it focuses more on networking and network protocols than code, as is the case with other penetration tests. A network penetration tester should have a good understanding of a wide range of technologies, such as IAM tools like Active Directory, web technologies, network protocols, and common products used with internal and external networks. Coding knowledge is certainly a valuable bonus, but not necessarily required.
Another common type of penetration test is web application testing. This will try to uncover vulnerabilities in web applications following a careful and systematic approach. While network penetration tests do briefly explore web app exploitation, web application penetration tests are a deep dive to attempt to exploit coding flaws in the application. This style of testing is often done against proprietary software that a company wants to harden before it is released to the public, and again after any changes. Web app testers should have a baseline understanding of various coding languages, a solid understanding of web technologies, and the desire to dive deep and explore often complex applications.
Physical penetration testing stands out as a very unique style of penetration test. This is going to assess physical security and see how an organization defends brick-and-mortar locations. Physical penetration testers will often have to pick locks, dodge cameras, clone badges, and evade security personnel during their tests. Due to the wide range of required skills, it can take some time to become a proficient physical tester. The most important thing is the ability to remain calm and collected under pressure, as these tests will often be far more timing-sensitive than other types of testing.
Red teaming, while often considered separate from penetration testing, is a combination of many different styles of testing. Red teams emulate advanced threat actors and are often given wide scopes and long timelines to accomplish their goals. There will be a blend of digital and physical testing done depending on the specific goal at hand. A major distinction between red teaming and penetration testing is that red team engagements often have a far greater focus on stealth. Red teamers should have a solid understanding of many types of tests and a careful blend of skills to accomplish multiple goals.
While this covers some of the more popular styles of penetration testing, the umbrella that the term covers is extremely large. There are many other different styles of testing, some of which are often debated regarding whether or not they are even technically a penetration test. A good rule of thumb is to pursue interesting technologies that you want to test. That can be pulled from the list above, or even something new, such as binaries, cars, hardware devices, code review, and just about anything else that requires security.
