A test conducted by external consultants or specialized security firms, who use external access points, such as the internet, to identify vulnerabilities that could be exploited by malicious actors from outside without physical access to the premises or internal networks of the organization.

A test performed remotely using methods and tools to simulate attacks from external threats without the need for internal network or system access to the organization, in order to discover potential vulnerabilities that could be exploited by malicious actors.

A test conducted to identify vulnerabilities by analyzing systems from the perspective of an internal user or system administrator, utilizing access to the organization's internal resources and networks.

A test carried out exclusively by the organization's internal staff without involving external experts or services, usually for the purpose of internal security checks and assessing vulnerabilities from the perspective of potential internal threats.