In this approach to testing, the penetration testing team does not have any knowledge of the internal working of target systems. Thus, black box penetration testing is an audit that stages an external malicious attacker with only public information on your company such as your website URL or your employees LinkedIn pages.

As a freelancer, I offer multiple cybersecurity services:

• Intern CTF training to improve your employees technical skills
• Penetration testing
  • Black box
  • Grey box
  • Security code audit
  • Internal
  • Social engineering campaigns

Grey box penetration testing is an audit that stages a malicious third-party service with some relevant information on your company such as IP addresses or API endpoints. These information could be specified by your CISO.

Internal penetration testing is an audit that aims at performing tests inside the company or sometimes through a VPN. Most of the time, penetration testers go to the company’s buildings, bring their equipment and put themselves in the shoes of an internal attacker.

Security code auditing aims at reviewing the source code to discover if there are any potential security weaknesses, bugs, exploits or violations of programming standards.

Social engineering penetration testing focuses on people and processes and the vulnerabilities associated with them. These penetration tests typically consist of an ethical hacker conducting different social engineering attacks such as phishing, USB drops, or impersonation that a person could face during the course of their work.