Penetration test
We can perform a penetration test (pen test), which is an authorized simulated attack on a computer system, performed to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find weaknesses in a system and demonstrate their business impact.
There are several types of pen test we can perform:
- External pen test
- Internal pen test
- Black box pen test
- White box pen test
Each type is explained below:
External pen test
External penetration testing addresses perimeter vulnerabilities and evaluates the potential risks of external cyber threats. Specialist testers attempt to gain entry into the organization's network by leveraging vulnerabilities discovered on external assets, such as email, websites, and file shares.
Internal pen test
An internal pen test is usually done after completing an external pen test. It imitates an insider threat and identifies how an attacker with internal access may compromise or damage the network, systems, or sensitive data.
Black box pen test
Black box penetration testing, often referred to as black box testing, is a cybersecurity practice intended to simulate real-world attacks on networks, software, or systems. In this technique, the testers, often called security experts or ethical hackers, have no insight into the code, architecture, or system design.
White box pen test
White box penetration testing, sometimes referred to as crystal or oblique box pen testing, involves sharing full network and system information with the tester, including network maps and credentials. This helps to save time and reduce the overall cost of an engagement.