In this approach to testing, the penetration testing team does not have any knowledge of the internal working of target systems. Thus, black box penetration testing is an audit that stages an external malicious attacker with only public information on your company such as your website URL or your employees LinkedIn pages.
Cybersecurity Services
As a freelancer, I offer multiple cybersecurity services:
- Intern CTF training to improve your employees technical skills
- Penetration testing
Grey box
Grey box penetration testing is an audit that stages a malicious third-party service with some relevant information on your company such as IP addresses or API endpoints. These information could be specified by your CISO.
Internal
Internal penetration testing is an audit that aims at performing tests inside the company or sometimes through a VPN. Most of the time, penetration testers go to the company’s buildings, bring their equipment and put themselves in the shoes of an internal attacker.
Security code audit
Security code auditing aims at reviewing the source code to discover if there are any potential security weaknesses, bugs, exploits or violations of programming standards.
Social engineering
Social engineering penetration testing focuses on people and processes and the vulnerabilities associated with them. These penetration tests typically consist of an ethical hacker conducting different social engineering attacks such as phishing, USB drops, or impersonation that a person could face during the course of their work.