Penetration testing, also known as ‘pen testing’, has a single purpose: to test computer systems, networks or applications and find the loopholes that an attacker could exploit.
Penetration testing can be done automatically or manually, but the procedure is the same either way: gather as much information as you can before starting the test, identify weaknesses in the system or application, try to break in using those loopholes, and finally report your findings.
The main purpose of this testing is to identify weaknesses, analyze where someone could break in, and deliver findings that help the company build more secure procedures, applications, etc.
Nowadays many people confuse penetration testing with vulnerability assessment, but the two terms differ considerably in meaning. The purpose of a vulnerability assessment is only to look for weaknesses, identify them and report them. In pen testing, on the other hand, you have to exploit the weaknesses to confirm whether there is a real possibility of a threat or malicious activity.
It is the simplest form of penetration testing: the test is performed by the organization’s IT team and the pen testing team working together. It is also called the ‘lights turned on’ approach because every employee of the organization can see the test.
The purpose of external pen testing is to identify the company’s external weaknesses. Testers target external servers, devices, domain names, e-mail servers, etc. Once they have identified all the weaknesses, they try to get in and examine how far someone who gains access could go.
This type of test is conducted to make sure that the company is safe from its own employees as well. The main focus is to determine how far an authorized person could go if they tried to damage or cheat the company, and what steps can be taken to restrict them.
As its name suggests, in this type of testing you limit the information given to the team performing the test. Sometimes you give them only the name of the company. This type of testing can take a lot of time and is also very expensive. Its main purpose is to simulate the actions of real attackers.
Double blind testing is one step ahead of blind testing: it takes the results and findings of blind testing and carries them one step further. Only a few people in the company know that pen testing is being carried out. It is also used to monitor the organization’s security or its incident identification.