TYPES OF PENETRATION TESTING

Overt Penetration Testing: 

Using overt penetration testing, you work with the organization to identify  

potential security threats, and the organization’s IT or security team shows you  

the organization’s systems. The one main benefit of an overt test is that you  

have access to insider knowledge and can launch attacks without fear of  

being blocked. A potential downside to overt testing is that overt tests might  

not effectively test the client’s incident response program or identify how  

well the security program detects certain attacks. When time is limited and  

certain PTES steps such as intelligence gathering are out of scope, an overt  

test may be your best option. 

Covert Penetration Testing: 

Unlike overt testing, sanctioned covert penetration testing is designed to sim- 

ulate the actions of an attacker and is performed without the knowledge of  

most of the organization. Covert tests are performed to test the internal  

security team’s ability to detect and respond to an attack. 

Covert tests can be costly and time consuming, and they require more  

skill than overt tests. In the eyes of penetration testers in the security industry,  

the covert scenario is often preferred because it most closely simulates a true  

attack. Covert attacks rely on your ability to gain information by reconnais- 

sance. Therefore, as a covert tester, you will typically not attempt to find a  

large number of vulnerabilities in a target but will simply attempt to find the  

easiest way to gain access to a system, undetected.