In this chapter, we have discussed several penetration testing methodologies. We have also described the basic terminology of penetration testing, its associated types, and the industry contradiction with other similar terms. The summary of these key points is highlighted as follows:
Penetration testing can be broken into different types, such as black box and white box. The black box approach is also known as external testing, where the auditor has no prior knowledge of the target system. The white box approach refers to internal testing, where the auditor is fully aware of the target environment. The combination of both types is known as a gray box.
The basic difference between vulnerability assessment and penetration testing is that vulnerability assessments identify the flaws that exist in the system without measuring their impact, while penetration testing takes a step forward and exploits these vulnerabilities in order to evaluate their consequences.
There are a number of security...