Types of Penetration Tests

External Testing: Testing from outside the network perimeter

• Simulates internet-based attackers

• Tests firewalls, web applications, public services

• No internal network access initially

Internal Testing: Testing from inside the network

• Simulates malicious insiders or compromised accounts

• Tests internal segmentation and lateral movement

• Assumes initial network access

Web Application Testing: Focused on specific applications

• OWASP methodology and tools

• Authentication, authorization, input validation

• Business logic and workflow testing

Wireless Testing: WiFi and wireless infrastructure

• Encryption strength and configuration

• Rogue access point detection

• Wireless client security

Social Engineering: Human-focused attacks

• Phishing campaigns and email security

• Phone-based pretexting attacks

• Physical security and tailgating

Red Team Assessment: Comprehensive adversary simulation

• Multiple attack vectors simultaneously

• Stealth and persistence requirements

• Detection and response testing