Usually ethical hacking and penetration testing are seen as something only popular among companies that can spend thousands and thousands every month on testing. I don't think that's exactly true, but more so I don't think it should be true! So I'm offering this as a one-time test and as a service (monthly, quarterly, twice a year, or annually). While the cost will fluctuate based on the number of targets in scope and the type of attacks, it's really better that we start with the what and why first, then we can talk about the good parts.

WHAT!?


Ethical hacking, that is, hacking with permission, and defense penetration testing, that is, actively testing defenses, are often used together to describe the role of penetration testing. It's a process in which a hacker will test your security posture in one way or another in an attempt to find holes in your security and alert you to them before some outside hacker without permission gets in and gets away with stealing the goods. The reports given by the hackers in these cases are to be used by the company to resolve the issues as needed. This isn't a tool to show that someone didn't do their job or that someone is bad at their job, only to inform on the issues found or not found and give remediation strategy suggestions where available. We understand, and so should you, that some issues just aren't going to be a major concern compared to other issues, and we will discuss the findings with you to ensure you know where the issues occurred and how to follow up.

When talking about scope, we refer to the set of things we agree on beforehand and the limitations or situations that may cause us to halt the testing. Before any testing can occur, we need to establish this scope and ensure we have proper permissions to do so. An example of something a client may not be able to give permission for would be trying to brute force a password on sites like GitHub, Facebook, or Twitter, as these would all require approval from those respective companies, not just the user of the account. Or, in situations like cloud object storage services, if your company uses a storage service that is leased to another individual, this could again put us in a situation where we don't want any of us to be.


WHY would WE need this?!

As countless research teams have now disclosed publicly, large corporations are not the only ones vulnerable to nation-sponsored cyber attacks leading to loss of business, loss of revenue, FTC and other federal charges, and lawsuits from customers declaring that your negligence let them in. What this all means is that even small companies are at risk of huge fines and fees due to even a single cyber attack. Without some attestation to say "we worked to secure ourselves" or "we rapidly closed security vulnerabilities found against our network", even major companies can be in for a world of hurt.

By doing regular testing to find breach situations, you enable your company to know not only that there are vulnerabilities and how easily exploited they are, but also the potential impact to the company, so you can make business decisions as needed.

Now for the good part!

Type 1: External Test

This type of testing roughly simulates a threat actor (attacker) working from outside your company to the inside, trying to gain control over the network or gain critical information that would cause irreparable harm to the company. This can go through a wide array of services and tools, but the essential idea is outside in.

Type 2: Internal Test

This type of testing roughly simulates a threat actor (attacker) who already has access to the internal network and attempts to leverage that to gain control over the network or gain critical information that would cause irreparable harm to the company.

Type 3: Social Engineering

This type of testing attempts to test human interaction and policy adherence by abusing social cues. Sometimes this can be your standing phishing test and seeing who clicks the links; other times this can be part of an external test if allowed. This is usually not permitted unless explicitly allowed, so it is listed as its own type.

Type 4: Physical Testing

This type of testing roughly simulates a threat actor (attacker) using physical means to enter, access, or gain leverage into the network or gain control over critical parts.

Type 5: Wireless Testing

This type of testing attempts to gain access to the system via wireless networks. This may be part of an external test, or it may be just to see what it takes to gain access to the Wi-Fi. In some cases this can also involve social engineering aspects. All of these are features we need to agree on within scope before testing.

Type 6: Web app testing

This type of testing focuses strictly on attacks on websites or web APIs. These tests can include a wide range of web testing, but the goal is to find attacks with the potential to leak internal information or attacks against your website's users.

Type 7: Service/Application specific testing

This type of testing is based on specific services, features, applications, or tools. An example may be an Android app (mobile app testing) and the services related to it, or this may be a custom email service. This may also be something like a Java or C++ program (binary exploitation testing) or a chat service running on a server (networked application testing).