{"id":2253,"date":"2025-02-18T16:16:55","date_gmt":"2025-02-18T15:16:55","guid":{"rendered":"https:\/\/blog.eprivacy.eu\/?p=2253"},"modified":"2025-02-18T16:16:56","modified_gmt":"2025-02-18T15:16:56","slug":"test-methods-in-penetration-testing-what-makes-sense","status":"publish","type":"post","link":"https:\/\/blog.eprivacy.eu\/?p=2253","title":{"rendered":"Test Methods in Penetration Testing \u2013 What Makes Sense?"},"content":{"rendered":"\n<p><strong>What is a Penetration Test?<\/strong><\/p>\n\n\n\n<p>A&nbsp;<a href=\"https:\/\/t5baa4d95.emailsys1a.net\/c\/107\/8138829\/4207\/0\/20698348\/740\/532558\/7d161c213b.html\">penetration test<\/a>&nbsp;is a simulated cyber attack on a computer system, network or web application that is carried out to identify potential security vulnerabilities. The goal of a pentest is to find these vulnerabilities before they can be exploited by actual attackers.<\/p>\n\n\n\n<p><strong>What Methods are there?&nbsp;<\/strong><\/p>\n\n\n\n<ul><li>Black Box Testing<br>The pentester has no prior information about the target system. This method simulates an external attack in which the attacker has no internal knowledge of the IT infrastructure.<br>&nbsp;<\/li><li>White Box Testing<br>The tester has complete knowledge of the target system, including source code, network topology and login data. This method allows a thorough analysis and the detection of vulnerabilities that an external attacker would not be aware of.<br>&nbsp;<\/li><li>Grey-Box Testing<br>The tester has partial knowledge of the target system. This method combines elements of black-box and white-box testing and often reflects the scenario of an insider with limited privileges, such as simple logins in an application.<\/li><\/ul>\n\n\n\n<p><strong>Which one Makes the Most Sense for Pentesting?<\/strong><\/p>\n\n\n\n<p>The goal of a penetration test is to uncover as many complicated and novel vulnerabilities as possible. 
A grey box approach offers a good and economical introduction here, as it keeps an analyst from wasting valuable time on trivial tasks. Once a high level of system hardening has been achieved by this method, it may be useful to perform a white box audit to ensure maximum security.<\/p>\n\n\n\n<p>Black Box Methods Should Only Be Used for Red Teaming<br><a href=\"https:\/\/t5baa4d95.emailsys1a.net\/c\/107\/8138829\/4207\/0\/20698348\/740\/532559\/f49f06d0af.html\">Red Teaming&nbsp;<\/a>is a comprehensive approach to security auditing that goes beyond traditional penetration testing to evaluate an organisation&#8217;s overall security and preparedness. The main objective of red teaming is to test an organisation&#8217;s security from a real attacker&#8217;s perspective. In contrast to standard pentesting, which often focuses on identifying technical vulnerabilities, red teaming encompasses a broader range of techniques and strategies. The black box method should only be used in this context, i.e. when an almost maximum level of hardening is already in place.<\/p>\n\n\n\n<p>(Jan Kahmen, Turingpoint)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is a Penetration Test? 
A&nbsp;penetration test&nbsp;is a simulated cyber attack on a computer system, network or web application that is carried<\/p>\n<p class=\"link-more\"><a class=\"myButt \" href=\"https:\/\/blog.eprivacy.eu\/?p=2253\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[26],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts\/2253"}],"collection":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2253"}],"version-history":[{"count":1,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts\/2253\/revisions"}],"predecessor-version":[{"id":2254,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts\/2253\/revisions\/2254"}],"wp:attachment":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}