You may need to conduct a white box penetration test if you want to evaluate your application security, wireless security, infrastructure, network security, or physical security in an assumed breach scenario.| PurpleSec
Vulnerability scanning is a process of identifying and assessing security weaknesses in a computer system, network, or web application. Vulnerabilities can range from technical flaws in software, hardware or configuration issues to vulnerabilities in policies and procedures.| PurpleSec
Vulnerability scans identify vulnerabilities within systems on a network. Penetration tests simulate an attack to exploit vulnerabilities.| PurpleSec
A black box penetration test is a security test performed by an external party that is completely unfamiliar with the target. The security assessor (penetration tester) is provided with no information of the system specifics and no credentials except for the target URL.| PurpleSec
The different types of penetration tests include network services, web application, client side, wireless, social engineering, and physical.| PurpleSec
Social engineering penetration testing focuses on people and processes and the vulnerabilities associated with them.| PurpleSec
Physical penetration testing exposes weaknesses in physical security controls with the goal of strengthening a business's security posture.| PurpleSec
Wireless penetration testing is comprised of six main steps including reconnaissance, identifying wireless networks, vulnerability research, exploitation, reporting, and remediation.| PurpleSec
Performing a successful network penetration test includes information gathering and understanding client expectations, reconnaissance and discovery, performing the penetration test, and reporting on recommendations and remediation.| PurpleSec
There are 13 steps to firewall penetration testing, which include locating the firewall, conducting tracerroute, scanning ports, banner grabbing...| PurpleSec
Web application penetration tests are performed primarily to maintain secure software code development throughout its lifecycle.| PurpleSec