Penetration tests don't have to encompass an entire network; they can focus on specific applications, services, and methodologies. Tests on larger environments can focus on a particular aspect of the network rather than the company as a whole. This focus helps organizations budget for upgrades and make time to implement the necessary remediations after a set of smaller pentests without becoming overwhelmed.
Different areas of a company that may get penetration tested include:
- Web applications
- Wireless networks
- Physical infrastructure
- Social engineering
Organizations use web application penetration testing to prevent bad actors from exploiting vulnerabilities in client-facing apps. These tests can vary in complexity because of the vast number of different browsers, plugins, and extensions that come into play when running a pen test on a web application.
Web app vulnerabilities can leak sensitive information that helps attackers during the information-gathering stage of an attack, or give them backend access to a specific application.
Agile code can be used to combat these attacks, along with regular testing in sandbox environments on a web development branch. Even after testing and deployment, penetration testers can bring new exploits to light to help companies avoid a real attack.
Bug bounty programs are a great way to incentivize ethical hackers to test the latest exploits against different web applications.
The inherent openness of Wi-Fi makes it an attractive target for both curious passersby and dedicated attackers. Penetration testers can use many specialized tools that test the reliability and security of different wireless technologies.
Packet sniffers, rogue access points, and deauthentication attacks can be used to hijack wireless sessions and gain a foothold into a private network. Wireless pen testers can also validate the security settings on a guest Wi-Fi network.
For instance, if access rules aren't configured properly, and the guest network isn't on its own VLAN, an attacker can potentially gain access to the private network from the guest wireless.
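The guest-network check described above can be automated against an exported rule set. This is an added example, not part of the original article; the subnets, VLAN IDs, SSID names, and the first-match `(action, source, destination)` rule format are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the article).
GUEST = ipaddress.ip_network("192.168.50.0/24")
PRIVATE = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.10.0/24")]
# Ordered first-match rules: (action, source, destination); implicit deny at the end.
WEAK_RULES = [("permit", "192.168.50.0/24", "0.0.0.0/0")]
HARDENED_RULES = [
    ("deny", "192.168.50.0/24", "10.0.0.0/8"),
    ("deny", "192.168.50.0/24", "192.168.10.0/24"),
    ("permit", "192.168.50.0/24", "0.0.0.0/0"),
]

def subtract(nets, cut):
    """Remove `cut` from every network in `nets`, keeping the leftover pieces."""
    left = []
    for n in nets:
        if not n.overlaps(cut):
            left.append(n)
        elif not cut.supernet_of(n):      # cut is a strict subnet of n
            left.extend(n.address_exclude(cut))
    return left

def guest_exposure(rules, guest=GUEST, private=PRIVATE):
    """Return the private ranges a guest client is permitted to reach."""
    undecided, exposed = list(private), []
    for action, src, dst in rules:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not src.overlaps(guest):
            continue
        if not src.supernet_of(guest):
            raise ValueError(f"rule source {src} splits the guest subnet; review by hand")
        hits = [n if dst.supernet_of(n) else dst for n in undecided if n.overlaps(dst)]
        if action == "permit":
            exposed.extend(hits)
        undecided = subtract(undecided, dst)  # first match wins
    return [str(n) for n in sorted(exposed)]

def ssids_sharing_guest_vlan(ssid_vlans, guest_ssid="Guest"):
    """List SSIDs mapped to the same VLAN ID as the guest SSID."""
    vlan = ssid_vlans[guest_ssid]
    return sorted(s for s, v in ssid_vlans.items() if s != guest_ssid and v == vlan)

if __name__ == "__main__":
    print("weak rules expose:", guest_exposure(WEAK_RULES))
    print("hardened rules expose:", guest_exposure(HARDENED_RULES))
    print("shares guest VLAN:", ssids_sharing_guest_vlan({"Corp": 10, "Guest": 10}))
```

An empty result from both functions means the guest subnet has no permitted path to the listed private ranges and no SSID shares its VLAN.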
No security software can stop someone from physically picking up a server and walking out the door with it. While that may seem far-fetched, brazen criminals utilize social engineering to masquerade as technicians, janitors, or guests to gain physical access to sensitive areas.
In a physical penetration test, doors, locks, and other physical controls are put to the test to see how easily bad actors can bypass them. Cheap locks are often easily picked or bypassed, while cheap wireless motion detectors can be fooled with a bit of ingenuity.
If physical restrictions are present, a tester will usually use a series of non-destructive tools to attempt to bypass any locks or sensors that are in place.
Attackers use social engineering to trick staff members into giving up privileged information or access to an organization. These attempts may take the form of a phishing email, a phone call, or someone on site physically pretending to be someone they're not.
The ultimate defense against social engineering is knowledgeable and trained staff. Email phishing training has been shown to reduce the number of malicious emails opened. Having policies and procedures in place for visitors can also prevent unauthorized physical access.
Social engineering tests often take place in email or over the phone. Software platforms can be used to send fake phishing emails consistently. Those who click links or reply can be automatically given remediation training. Over time this type of training helps strengthen both the IT infrastructure and the knowledge of all staff members.