The IT Law Wiki
The IT Law Wiki

Definition[]

Internal security testing is where

assessors work from the internal network and assume the identity of a trusted insider or an attacker who has penetrated the perimeter defenses. This kind of testing can reveal vulnerabilities that could be exploited, and demonstrates the potential damage this type of attacker could cause. Internal security testing also focuses on system-level security and configuration — including application and service configuration, authentication, access control, and system hardening.[1]

References[]