top of page

Internal vs External Pen Testing

Updated: Nov 16, 2021

What is an internal pen test?

Internal Penetration Testing or 'Pentesting' typically refers to the testing of a client's internal infrastructure, usually based on a Windows Active Directory.

hands typing on a laptop

What is an external pen test?

Meanwhile, external penetration testing or 'Pentesting' typically refers to the testing of a client's public-facing infrastructure such as a web server.

The importance of internal and external pen testing

The aim of the pen test is to identify weaknesses and flaws within the infrastructure’s attack surface and leverage them to gain elevated and persistent access. This helps highlight key attack paths which a localised attacker cloud exploit, and more importantly, how to close them.

Conducting frequent pentests is vital to maintaining an excellent security posture as they often uncover vulnerabilities that are not covered by standard vulnerability scans by employing the methodologies used by malicious actors.

Similarities between internal and external testing

Whilst internal and external pentests differ in scope, they share a similar approach and methodology. Including the following:

  • Port Scanning

  • Credential Stuffing

  • Vulnerability Scanning

  • Username Enumeration and Password Guessing

  • Privilege Escalation

  • Data Exfiltration

If you like this blog post, find more content in our Glossary.

bottom of page