An organization is planning a penetration test strategy and has asked for your advice.
They have recently modified their network significantly and want the penetration testing to focus on this upgrade, but they also require the solution to be as brief as possible. Also, they want their IT team to be involved in the testing.
Which penetration testing strategy should you recommend?
- double-blind test strategy
- internal test strategy
- untargeted test strategy
- external test strategy
Explanation & Hint: The organization has recently modified its network significantly, wants the penetration testing to focus on this upgrade, wants its IT team involved, and wants the test kept as brief as possible. Given these requirements, the most suitable penetration testing strategy to recommend is an internal test strategy.
Here’s why:
- Internal Test Strategy: Internal penetration testing is conducted by the organization’s internal IT team or a third-party team, typically with prior knowledge of the network and systems. This approach is less time-consuming and can be focused on specific areas of interest, such as the recent network upgrade. Since the IT team is involved, it can collaborate closely with the penetration testing team to ensure that the test is conducted efficiently and aligns with the organization’s objectives.
The other strategies mentioned, such as double-blind (also known as black-box) and external tests, involve external entities without prior knowledge of the network and are typically more comprehensive but may take more time. In this case, where the organization wants a brief, focused test with IT team involvement, an internal test strategy is the most suitable option.