External penetration tests
These tests focus on vulnerabilities that may be exploited from outside an organization’s network.
Internal penetration tests
These tests simulate attacks from within an organization’s network. There are three types of internal penetration tests: black box, gray box, and white box. Black box tests are conducted with no prior knowledge of the system being tested, while gray box tests are conducted with some knowledge of the system. White box tests are conducted with complete knowledge of the system.
Application penetration tests
These tests analyze the sturdiness of applications when subjected to serious attacks such as SQL injection and cross-site scripting.
Physical penetration tests
These tests simulate attacks that involve physical access to an organization’s facilities and systems.