Penetration testing

From pentestwiki.org

A penetration test, colloquially known as a pentest, is an authorized simulated attack performed to evaluate the security of a server or a corporation.

There are three types:

  • Black box: The attacker has no information about the target
  • White box: The attacker has full information about the target (i.e. source code, low privilege user password, etc)
  • Grey box: A mix of two above, the attacker has some information and must obtain the other part.

The difference between a penetration test and vulnerability assessment is that the latter only identifies vulnerabilities, usually using an automatic vulnerability scanner as Nessus, Acunetix, OpenVAS, Nexpose, Qualys, etc. And a penetration test identifies and exploits all the vulnerabilities until the security of the whole system or organization is compromised.