
The Absolute Basics of Penetration Testing


Overt Penetration Testing

Using overt penetration testing, you work with the organization to identify 
potential security threats, and the organization’s IT or security team shows you 
the organization’s systems. The one main benefit of an overt test is that you 
have access to insider knowledge and can launch attacks without fear of 
being blocked. A potential downside to overt testing is that overt tests might 
not effectively test the client’s incident response program or identify how 
well the security program detects certain attacks. When time is limited and 
certain PTES steps such as intelligence gathering are out of scope, an overt 
test may be your best option.

Covert Penetration Testing

Unlike overt testing, sanctioned covert penetration testing is designed to 
simulate the actions of an attacker and is performed without the knowledge of 
most of the organization. Covert tests are performed to test the internal 
security team’s ability to detect and respond to an attack.

Covert tests can be costly and time consuming, and they require more 
skill than overt tests. In the eyes of penetration testers in the security industry, 
the covert scenario is often preferred because it most closely simulates a true 
attack. Covert attacks rely on your ability to gain information by 
reconnaissance. Therefore, as a covert tester, you will typically not attempt 
to find a large number of vulnerabilities in a target but will simply attempt 
to find the easiest way to gain access to a system, undetected.

Vulnerability Scanners

Vulnerability scanners are automated tools used to identify security flaws 
affecting a given system or application. Vulnerability scanners typically work 
by fingerprinting a target’s operating system (that is, identifying the version 
and type) as well as any services that are running. Once you have fingerprinted 
the target’s operating system, you use the vulnerability scanner to execute 
specific checks to determine whether vulnerabilities exist. Of course, these 
checks are only as good as their creators, and, as with any fully automated 
solution, they can sometimes miss or misrepresent vulnerabilities on a system.

Most modern vulnerability scanners do an amazing job of minimizing 
false positives, and many organizations use them to identify out-of-date systems 
or potential new exposures that might be exploited by attackers.
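The fingerprint-then-check workflow described above, and the false-positive caveat that follows it, as an added toy model (this code is not from the book or any real scanner). It assumes constructed SSH banners and placeholder check ids with made-up version ranges; the one real fact it encodes is that distributions sometimes backport security fixes without changing the upstream version string, so a banner-only check can misrepresent the true state of a system.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class VersionCheck:
    """One scanner check: service it applies to and the first version no
    longer affected. Ids and ranges below are constructed placeholders."""
    check_id: str
    service: str
    fixed_in: tuple


def parse_version(text):
    """'7.4p1' -> (7, 4, 1); '8.2' -> (8, 2). Tuples compare element-wise."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def fingerprint(banner):
    """Identify service, version and any vendor suffix from an SSH banner,
    e.g. 'SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7'. None if unrecognised."""
    m = re.match(r"SSH-2\.0-(OpenSSH)_(\d+\.\d+(?:p\d+)?)\s*(.*)$", banner.strip())
    if not m:
        return None
    service, version, suffix = m.groups()
    return service, parse_version(version), suffix.strip()


def run_checks(banner, checks):
    """Return {check_id: verdict}. A vendor suffix means the fix may have been
    backported with the upstream version left unchanged, so a version-only
    match is flagged for manual verification rather than reported as fact."""
    fp = fingerprint(banner)
    if fp is None:
        return {}
    service, version, suffix = fp
    results = {}
    for chk in checks:
        if chk.service != service:
            continue
        if version >= chk.fixed_in:
            results[chk.check_id] = "not affected"
        elif suffix:
            results[chk.check_id] = "needs verification"
        else:
            results[chk.check_id] = "affected"
    return results


# Constructed sample checks; ids and version ranges are placeholders.
CHECKS = [VersionCheck("CHECK-0001", "OpenSSH", (7, 7)),
          VersionCheck("CHECK-0002", "OpenSSH", (8, 0))]
```

Running run_checks over "SSH-2.0-OpenSSH_7.4p1" and "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7" yields "affected" versus "needs verification" for the same upstream version, which is exactly the kind of result a tester must confirm by hand.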

Vulnerability scanners play a very important role in penetration testing, 
especially in the case of overt testing, which allows you to launch multiple 
attacks without having to worry about avoiding detection. The wealth of 
knowledge gleaned from vulnerability scanners can be invaluable, but beware 
of relying on them too heavily. The beauty of a penetration test is that it can’t 
be automated, and attacking systems successfully requires that you have 
knowledge and skills. In most cases, when you become a skilled penetration 
tester, you will rarely use a vulnerability scanner but will rely on your 
knowledge and expertise to compromise a system.