Penetration testing, also referred to as pen testing, involves attempting to break into a system to identify cybersecurity weaknesses so that the security posture can be improved. It is typically conducted by ethical hackers who approach the work from an offensive security perspective.
Penetration Testing vs. Assessments
A pen test is different from a vulnerability assessment in that pen testers are actively trying to exploit vulnerabilities, simulating a cyber attack. The process may involve setting the goals and scope for the attack, conducting initial research, using a variety of methods to break into a system, seeing what access and damage is possible, and reporting on the work.
Ultimately, the goal is to give clients a detailed understanding of where they are vulnerable and to help them become as secure as possible.
Pen testing is conducted by ethical hackers who have permission to hack a client’s systems. Pen testers may be outsourced or in-house, sitting on the red team of a security organization. They use a diverse skill set, including knowledge of network security, operating systems, software vulnerabilities, and IT administration, to conduct their work.