Home/Glossary/Penetration Testing

Penetration Testing

Authorized simulated cyberattacks against systems to identify security vulnerabilities before malicious actors exploit them.

Security TestingAlso called: "pentesting", "ethical hacking"

Penetration testing (pentesting) validates security controls through ethical hacking.

Types of pentests

  • Black box: No prior knowledge (simulates external attacker).
  • White box: Full knowledge of systems (comprehensive testing).
  • Gray box: Partial knowledge (simulates insider threat).

Testing phases

  1. Reconnaissance: Gather information about targets.
  2. Scanning: Identify open ports, services, vulnerabilities.
  3. Exploitation: Attempt to gain access.
  4. Post-exploitation: Determine impact, lateral movement.
  5. Reporting: Document findings and remediation.

Common targets

  • Web applications (OWASP Top 10).
  • Network infrastructure.
  • Wireless networks.
  • Physical security.
  • Social engineering.

Deliverables

  • Executive summary.
  • Technical findings with CVSS scores.
  • Proof-of-concept exploits.
  • Remediation recommendations.

Related Tools

Back to glossary