Types of Pentesting Strategies
External Testing
It targets a company’s externally visible servers or devices. The objective is to determine whether an outside attacker can get in and how far they can get once they’ve gained access.
Internal Testing
It mimics an inside attack behind the firewall by an authorized user with standard access privileges. It is useful for estimating how much damage a disgruntled employee could cause.
Blind Testing
It simulates a real attacker’s actions and procedures by severely limiting the information given beforehand to the person or team performing the test.
Double Blind Testing
Only one or two people within the organization might be aware a test is being conducted. It is useful for testing an organization’s security monitoring and incident response procedures.
Targeted Testing
It is performed by the organization’s IT team and the penetration testing team working together. It’s referred to as a “lights turned on” approach because everyone can see the test being carried out.