Let's now talk about testing various specialized services. These might be run as an additional task or be the only task that is run during penetration testing. It is likely that during our career as a penetration tester that we come across a company or a testable environment that only requires testing to be performed on a particular server, and this server may run services such as databases, VOIP, or SCADA control system. In this chapter, we will look at developing strategies to use while carrying out penetration tests on these services. In this chapter, we will cover the following points: