Furious Warrior
11 types of penetration tests that one can learn…
Penetration tests are part of the overall umbrella of services, titled 'security assessments'.
NIST defines a 'penetration test' as,
...a type of security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network. It often involves launching real attacks on real systems and data that use tools and techniques commonly used by attackers. Most penetration tests involve looking for combinations of vulnerabilities on one or more systems that can be used to gain more access than could be achieved through a single vulnerability..." (Ref: Section 5.2, Page 36, NIST SP 800-115)
Disclaimers
While pentesting seems glamorous (who doesn’t like the power to break into any machine or tech!), it is a paradigm shift (from builder to breaker). So make sure you are clear about the why.
For all adrenaline hunters out there who crave pentesting jobs, you should know that you will be expected to contribute to the business in your own way, handle customer expectations, and evolve into an efficient hacking machine with excellent soft skills (eventually, of course).
A lot of pentesting is expected to be a controlled simulation of an attacker's behaviour (their TTPs: Tactics, Techniques, and Procedures). What this means is that you will be expected to prove weaknesses in your customer's environment without bringing it down or making it more vulnerable in the process.
AI is slowly making its impact felt. While these seem to be early days, AI will have a significant impact on pentesting and on security assessments in general.
Over a period of time, many varieties of penetration tests (pentests) have come into existence. Here are some types of pentests that one can dive into, for a holistic experience.
Now that we have covered our bases, let us dive into each area.
IT Infrastructure Penetration Test (Pentest)
An IT infrastructure pentest is a comprehensive assessment designed to evaluate the security posture of an organization’s core infrastructure components. The main goal is to identify vulnerabilities within the various elements of the IT network (excluding web applications), such as servers, network devices, and security appliances like firewalls, Network Access Control (NAC) systems, and Privileged Identity Management (PIM) solutions.
Key Components of IT Infrastructure Pentesting
1. Network pentest (internal/external)
Wired network: slowly going out of fashion ('assume breach', described below, is taking over), this basically means 'connect to a network and show me, in a controlled way, what an attacker could do if they got access to our network'.
Wireless network: test the security of the WiFi network. See if you can gain access to the internal network by breaching their wireless network.
2. Active Directory testing (under the guise of 'assume breach'): you get valid, working Active Directory credentials (of a normal, low-privilege user) and act like an attacker, again in a controlled manner. That basically means running things yourself, so that you can stop whenever asked, rather than allowing your AI agent or other click-to-pwn scripts to run amok.
OT Infrastructure Pentest
An OT Infrastructure pentest targets vulnerabilities in critical systems like ICS, SCADA, and OT networks used in industries such as energy, utilities, and manufacturing. It identifies flaws in protocols, outdated systems, weak configurations, and insecure communication.
By simulating real-world attacks, pentesters assess potential disruptions, equipment damage, or safety compromises. The objective is to ensure OT systems are secure against cyber threats, preserving operational continuity, safety, and compliance in increasingly digitalized industrial environments.
Web Application (Thin client) Pentest
A pentest for thin client web applications assesses security by focusing on vulnerabilities like injection flaws, broken authentication, and exposure of sensitive data, with most processing occurring server-side.
Internal Web Application:
Targets apps used within an organization's internal network. Pentesters simulate insider threats, testing access controls, session management, and the potential for unauthorized access to sensitive internal data.
External Web Application:
Focuses on internet-facing apps, testing for vulnerabilities like SQL injection, XSS, and CSRF. The goal is to secure customer data and ensure strong encryption and authentication.
Thick client Pentest
A Thick Client Penetration Test evaluates the security of client-side applications that perform significant processing locally, such as desktop apps or rich internet applications (RIAs). These applications often store data locally and have complex user interfaces, making them potential targets for attacks.
Key Focus Areas:
Local Data Storage Security: Assessing how sensitive data is stored on the client machine, ensuring encryption is used to protect it from unauthorized access.
Client-Side Code & Reverse Engineering: Analyzing client-side code for vulnerabilities like hardcoded credentials or insecure APIs.
Communication Security: Testing for secure communication (e.g., TLS) to prevent MITM attacks.
Privilege Escalation & Local Exploits: Identifying vulnerabilities that allow unauthorized privilege escalation or local system access.
Authentication & Session Management: Checking for weak session management, token security, and unauthorized access.
Update & Patch Management: Ensuring secure update mechanisms to prevent exploitation through outdated or modified clients.
“Security is always excessive until it's not enough.” — Robbie Sinclair, Head of Security, Country Energy
All those network-aware desktop applications (MS Teams, anyone?) that need testing fall into this area.
Kiosk Pentest
A Kiosk Penetration Test focuses on the security of interactive kiosks used in public spaces. Pentesters evaluate physical and network access points, testing for vulnerabilities in local software, communication with backend servers, user input handling, and device tampering risks to prevent data breaches or unauthorized control.
ATM Pentest
An ATM Penetration Test involves testing the security of automated teller machines (ATMs) by simulating attacks to assess vulnerabilities in hardware, software, communication channels, and user authentication methods. The goal is to uncover risks like card skimming, unauthorized cash withdrawals, and data leaks.
IoT Pentest
An IoT Penetration Test evaluates the security of Internet of Things (IoT) devices and their networks. Pentesters assess weak device authentication, insecure communication, unpatched firmware, and vulnerabilities in cloud services, aiming to prevent unauthorized access, data breaches, and device manipulation.
Mobile app Pentest
A Mobile App Penetration Test targets the security of mobile applications on platforms like Android and iOS. Pentesters focus on vulnerabilities in authentication, data storage, network communication, and code obfuscation to prevent unauthorized access and data leakage.
AI Testing
AI Testing assesses the security, fairness, and reliability of artificial intelligence models. Pentesters evaluate AI algorithms for biases, adversarial attacks, data privacy risks, and model vulnerabilities to ensure robust, secure, and ethical AI deployment.
Red Team
A Red Team assessment involves simulating real-world cyberattacks by a team of ethical hackers. They exploit identified vulnerabilities in an organization’s network, systems, or physical security to test defenses, response times, and incident handling, aiming to improve overall security posture.
Bug Bounty
A Bug Bounty Program invites ethical hackers and security researchers to find vulnerabilities in applications, websites, or systems. Organizations reward individuals for discovering and responsibly disclosing security flaws, enabling proactive risk management and strengthening security.
Summary: Penetration Test Type and Key Focus Areas
IT Infrastructure Pentest: Network pentest, Active Directory testing
OT Infrastructure Pentest: ICS, SCADA, OT network vulnerabilities
Web Application (Thin client) Pentest: Injection flaws, authentication issues, sensitive data exposure
Internal Web Application: Insider threats, access controls, session management
External Web Application: SQL injection, XSS, CSRF
Thick Client Pentest: Local data storage security, code reverse engineering
Kiosk Pentest: Physical and network access, tampering risks
ATM Pentest: Hardware, software, user authentication vulnerabilities
IoT Pentest: Weak device authentication, insecure communication
Mobile App Pentest: Authentication, data storage, communication vulnerabilities
AI Testing: Biases, adversarial attacks, data privacy risks
Red Team: Simulated real-world attacks, defense testing
Bug Bounty: Incentivizes hackers to identify vulnerabilities