Penetration testing (aka pen testing) is a highly specialized skill and set of methods whereby a red team specialist will run for example a simulation of a cyber attack on your computer system. This is how we find exploits and vulnerabilities before ‘real’ hackers do.
Penetration testing is part of ethical hacking and is done to check the security of a computer system/network. It is NOT the same as a vulnerability assessment.
The purposes of pen-testing are multi-layered:
- identify weaknesses & vulnerabilities
- check if unauthorized users can access computer systems
- evaluate strong points of the system its defenses
- after a pen-test, a risk assessment needs to be done