Automated tests, using bots and other "robotic" attack systems that rely on overwhelming a target's defenses.
Manual attacks, with actual technicians leveraging years of security knowledge to directly crack your defenses.
Internal attack testing, simulating the damage a disgruntled employee with existing access could cause while looking for mitigation strategies.