Definition[]
Internal security testing is where
“ | assessors work from the internal network and assume the identity of a trusted insider or an attacker who has penetrated the perimeter defenses. This kind of testing can reveal vulnerabilities that could be exploited, and demonstrates the potential damage this type of attacker could cause. Internal security testing also focuses on system-level security and configuration — including application and service configuration, authentication, access control, and system hardening.[1] | ” |
References[]
- ↑ NIST Special Publication 800-115, at 2-5.