What is a Physical Penetration Test?

Updated: Oct 22, 2021

A physical penetration test (pen test) is where an ethical hacker or social engineer will try to gain entry to one of your locations, such as an office building. warehouse, storage facility or data centre.



These physical pen test engagements are often covert in nature and a pen tester or pen testers performing the test will use techniques to gain entry without actually causing actual damage to a location. Some of these techniques might include:

  1. Tailgating employees or other individuals with access to the target location.

  2. Creating 'fake' badges or cloning a valid access card.

  3. Social engineering of staff to gain entry.

A physical penetration test aims to validate physical security controls you might have in place and provide recommendations for areas of improvement. The pen test can also help raise awareness amongst staff around the risks of social engineering and potential physical attack vectors.


How do I become a physical security penetration tester?

To become a physical security penetration tester, start by speaking with other ethical hackers and social engineering in the cybersecurity community. Listen and learn from their stories and experiences. They are often talking at InfoSec and Hacker based conferences around physical security penetration testing.


Becoming a physical security penetration tester takes time, patience and practice. Whilst you can gain some insight from reading, you have to be in a role that permits you to legally perform physical penetration tests for clients.


Start thinking like a threat, look at the physical security controls on locations you've visited and how they might be bypassed, then think about what your methodology would look like if you were running a physical security penetration test. For the avoidance of any doubt, only run any kind of penetration test, in particular, physical security penetration tests only where you have the permission and legal authorisation to do so.


Physical penetration testing checklist

In terms of physical security testing checking, here are a few pointers:

  1. Ensure that you have a valid and believable back story. One that you know well. The best stories are ones as close to the truth as possible.

  2. Practice your back story and be ready for potential challenges you might face.

  3. Have a fake badge or identification ready - this often needs to be part of your story.

  4. Always have an objective, something you need to obtain or gain from the location you are physically testing.

  5. Always have a 'get out of jail' letter to hand, signed by someone at your location who has authorised and is aware of the test. This should be counter-signed by someone senior at your company, ideally an appointed director. Both should be contactable throughout the engagement.

If you like this blog post, find more content in our Glossary.