Update Rule “penetration-testing/rule” (#9906)

* Update Rule “penetration-testing/rule” * Update rule.md * Update rule.md --------- Co-authored-by: Tiago Araújo [SSW] <tiagov8@gmail.com>
SSWConsulting · Feb 18, 2025 · 87ecadb · 87ecadb
1 parent 47d65e3
commit 87ecadb
Showing 1 changed file with 23 additions and 12 deletions.
diff --git a/rules/penetration-testing/rule.md b/rules/penetration-testing/rule.md
@@ -11,9 +11,11 @@ seoDescription: When testing the security of company systems, it's important to
 uri: penetration-testing
 authors:
   - title: Lewis Toh
-    url: https://www.ssw.com.au/people/lewis-toh/
+    url: https://www.ssw.com.au/people/lewis-toh
   - title: Josh Berman
-    url: https://www.ssw.com.au/people/josh-berman/
+    url: https://www.ssw.com.au/people/josh-berman
+  - title: Rob Thomlinson
+    url: https://www.ssw.com.au/people/rob-thomlinson
 related:
   - multi-factor-authentication-enabled
   - password-manager
@@ -36,7 +38,7 @@ Penetration Testing is a **simulated cyberattack performed by security professio
 
 ![Figure: Penetration Testing is an important part of securing your systems](imagefx.jpg)
 
-## Why do we need penetration testing?
+## Why do we need Penetration Testing?
 
 It is important for several reasons:
 
@@ -51,16 +53,25 @@ It is important for several reasons:
 
 Great company security starts with great user security. Here are some of the most valuable ways you can help defend against an attacker:
 
-1. Multi Factor Authentication – **[more than one authentication method](https://www.ssw.com.au/rules/multi-factor-authentication-enabled/)** means more layers of security.
-2. Use **[password managers](https://www.ssw.com.au/rules/password-manager/)** to generate unique passwords for every service (and auto-fill them).
-3. **[Lock your laptop](https://www.ssw.com.au/rules/lock-your-computer-when-you-leave/)** when you leave your desk. For Windows users, check out [DynamicLock](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock).
-4. **[Avoid malware](https://www.ssw.com.au/rules/understand-the-dangers-of-social-engineering/)** by not clicking on suspicious links and making sure the person is who they say they are.
-5. **[Report potential breaches to SysAdmins]((https://www.ssw.com.au/rules/security-compromised-password/))**, whether it's your personal account or a company account.
+1. Multi Factor Authentication – **[more than one authentication method](https://www.ssw.com.au/rules/multi-factor-authentication-enabled/)** means more layers of security
+2. Use **[password managers](https://www.ssw.com.au/rules/password-manager/)** to generate unique passwords for every service (and auto-fill them)
+3. **[Lock your laptop](https://www.ssw.com.au/rules/lock-your-computer-when-you-leave/)** when you leave your desk. For Windows users, check out [DynamicLock](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock)
+4. **[Avoid malware](https://www.ssw.com.au/rules/understand-the-dangers-of-social-engineering/)** by not clicking on suspicious links and making sure the person is who they say they are
+5. **[Report potential breaches to SysAdmins]((https://www.ssw.com.au/rules/security-compromised-password/))**, whether it's your personal account or a company account
 
-## What are the Recommended Tools to use?
+## Different types of penetration tests
 
-We have a few rules that cover the best cybersecurity tools for developers and SysAdmins!
+There are 5 common penetration tests most businesses will engage a 3rd party for:
 
-- For Developers: <https://www.ssw.com.au/rules/developer-cybersecurity-tools/>
+1. **Internal penetration testing** - A consultant will simulate an attacker who has managed to access your internal network to evaluate security and configuration issues in your network, systems and endpoints
+2. **External penetration testing** - A consultant would simulate an attacker trying to access any device or service that a business uses which would provide them with access to an organisations resources
+3. **Wi-Fi penetration testing** - A consultant evaluates the security and configuration of your offices wireless networks
+4. **Application penetration testing** - A consultant looks for vulnerabilities and flaws in the design of an application, this can be done by identifying issues with API's, authentication, data exposure or 
+5. **Physical penetration testing** - A consultant tests the physical security of an office to see how easy it is to gain access to restricted areas
 
-- For SysAdmins: <https://www.ssw.com.au/rules/sysadmin-cybersecurity-tools/>
+## What are the recommended tools to use?
+
+We have a few rules that cover the best cybersecurity tools for developers and SysAdmins:
+
+* For **Developers**: [Do you use the right cybersecurity tools when writing code?](https://www.ssw.com.au/rules/developer-cybersecurity-tools)
+* For **SysAdmins**: [Do you use the right cybersecurity tools as a Sysadmin?](https://www.ssw.com.au/rules/sysadmin-cybersecurity-tools)