Which one of the following lists describes different types of penetration tests?
A. Zero-knowledge test, partial-knowledge test, full-knowledge test
B. Hard test, soft test, moderate test
C. Complete test, partial test, minimal test
D. Technical test, cursory test, partial-knowledge test
There are a number of categories of penetration tests. These categories are a function of the amount of information available to the tester and are summarized in Table 12-4.
Table 12-4: Categories of Penetration Tests

CATEGORY | CHARACTERISTICS
Open-box | Testers have access to internal system code. This mode is especially suited to Unix or Linux.
Closed-box | Testers do not have access to internal code. This mode is well suited to closed systems.
Zero-knowledge | Testers are not supplied with information concerning the IT system and have to acquire information from scratch.
Partial-knowledge | Testers possess knowledge that may be applicable to a specific type of attack and potential associated vulnerabilities.
Full-knowledge | Testers have extensive knowledge concerning the information system to be evaluated, similar to that possessed by an employee familiar with the system.
Security test and evaluation (ST&E) is another component of risk assessment that is useful in discovering system vulnerabilities.