IT Examiner School
Pen Test Strategies
Targeted Testing
performed by the entity’s IT team and external testing team
External Testing
targets externally visible servers or devices (seen by anybody on Internet) to see if they can get into internal systems and how far
Internal Testing
mimics an insider attack by an authorized user with standard access privileges (what can happen with a disgruntled employee)
Pen Test Value
Likelihood of exploiting a low-risk vulnerability to gain higher level access
Detecting vulnerabilities not easily found using standard system protective means
Ascertain the likelihood of gaining system access
Ability of current security methods to detect or repel an attack
Measure of risk for a cyber attack
List of vulnerabilities needing patching
Additional efforts needed to protect the network(s)/system(s)