An attempt to penetrate a system's security in an effort to evaluate the protections in place.
Penetration testing simulates an attack by a malicious party. It involves a scan and assessment of vulnerabilities, followed by exploitation of found vulnerabilities to gain further access. Using this approach will result in an understanding of the ability of an attacker to gain access to confidential information, affect data integrity or availability of a service and the respective impact. Each test should be approached using a consistent and complete methodology in a way that allows the tester to use their problem-solving abilities, the output from a range of tools and their own knowledge of networking and systems to find vulnerabilities that would/ could not be identified by automated tools. This approach looks at the depth of attack as compared to the Security Assessment approach that looks at the broader coverage.
Useful Resources:
