Additional Penetration Test Types
Some additional penetration test types includes physical security penetration test, stolen equipment penetration test, cryptanalysis attack, and shrink-wrapped software penetration tests.
Additional Penetration Test Types:
Physical security test: These penetration tests look for flaws in the physical security practices of a target organization. Penetration testers may try to gain access to buildings and rooms, or to take laptops, desktops, or recycling bins out of target facilities. Dumpster diving tests are a variance of a physical security analysis. Physical testing must be conducted very carefully to ensure that the penetration testers do not get hurt or arrested during their work.
Stolen equipment test: This kind of penetration test calls for acquiring a piece of equipment from the target, such as a laptop computer, and then trying to extract sensitive information from it in a laboratory environment.
Cryptanalysis attack: This penetration test concentrates on bypassing or breaking the encryption of data stored on a local system or across the network. Some of these penetration tests also assess the strength of digital rights management(DRM) solutions. Due to legal restrictions regarding reverse engineering copyright protections (such as those imposed by the Digital Millennium Copyrights Act in the US), any contract regarding the analysis of DRM software should be inspected by a lawyer to ensure that proper permission has been derived from the owners of the given DRM solution.
Shrink-wrapped software test: In this kind of penetration test, pen testers look for security flaws in software products that can be installed in the penetration tester’s own laboratory systems. Such tests look for flaws in the software, such as exploitable buffer overflow conditions, privilege escalation flaws, and exposure of unencrypted sensitive data.
Incoming search terms:
- triple penetration test tools