Types of Penetration Tests

Pentests come in many forms depending on the target and the level of access provided.
Each type plays a role in building a complete security posture. Pick the right type for the right question.


Access Levels: Black, Grey, White Box

Black Box

No prior access. I simulate an external attacker with zero knowledge. Good for testing public-facing exposure and external resilience.

Grey Box

Partial access. I have limited insider knowledge or credentials. This often represents a realistic, mid-level threat and lets me target both external and some internal controls.

White Box

Full access to source code, credentials, and architecture. This simulates an insider or developer perspective and is best for deep logic, design, and code-level flaws.

These access levels apply across all pentest categories. They shape scope, effort, and what evidence is meaningful.


Pentest Domains

Network Infrastructure

Testing routers, switches, firewalls, and other connected devices. Focus on misconfigurations, weak credentials, outdated firmware, and segmentation flaws. Network tests reveal trust boundaries and how traffic flows between zones.

Web Applications

Websites, APIs, and services exposed to users and attackers alike. Common targets include input validation, authentication, session management, and access controls. Web testing is often high ROI because these services face the public internet.

Mobile Applications

Android and iOS apps ship with their own quirks. Key areas are local data storage, encryption, communication protocols, and backend interactions. Mobile tests must consider the device context and platform controls.

Cloud Infrastructure

Cloud and hybrid setups shift responsibility and introduce new misconfiguration risks. Targets include VMs, storage buckets, IAM policies, networking, and containerized apps across providers like AWS, Azure, and GCP. Cloud tests often emphasize identity and config hygiene.

Physical Security

Humans are frequently the weakest link. Testing here includes social engineering, badge cloning, tailgating, and bypassing physical controls. To be honest, this is what first drew me to cybersecurity. Physical testing teaches you how policy, process, and tech meet in the real world.

Wireless Networks

Wi-Fi and other wireless protocols can leak signals and trust. Tests cover access point configurations, encryption strength, rogue devices, and authentication mechanisms. Wireless assessments reveal gaps that are invisible from wired tests.

Software

Deep testing of applications, operating systems, and firmware. Focus on code quality, architecture, dependency risks, and secure implementation. This domain blends static analysis, dynamic testing, and manual code review.


Notes for the Lab

  • Match access level to the goal. A grey box test can be more realistic than a black box in many orgs.
  • Combine domains where it makes sense. Real compromises rarely stop at one boundary.
  • Always document scope and expectations for each domain before I start.