External and Internal Penetration Testing

SIG Cyber: External vs. Internal Pen Tests and how to choose with a limited budget

This blog looks at the differences between External and Internal Penetration Testing. Our goal is to provide the information you need to choose between these two types of penetration tests based on their value to your organization. Of course, the easy answer would be, “Why not both?” In a perfect world that would probably be the best approach, but we don’t live in a perfect world. So the answer depends on an organization’s budgetary constraints and the expected value from either assessment.

What is an Internal Penetration Test?

SIG Cyber offers comprehensive internal penetration testing services for higher ed institutions.

An Internal Penetration Test is conducted from within your network. It mimics the perspective of an attacker who has already gained a foothold in your network. That foothold can come from direct exploitation of a public-facing system, from social engineering, or from a malicious insider. This assessment uses a combination of automated and manual exploitation techniques. The goal is to determine what a bad actor can do at this point. An internal penetration test has similar goals to an external penetration test, but it completely changes the perspective and assesses different threat vectors.