Penetration testing is a direct test of an application, device, website, organisation and even the people who work at an organisation.
It involves attempting to identify and exploit different security weaknesses that can be found in these various areas with the objective of gaining access or information.
Penetration testers, also known as ethical hackers, evaluate the security of IT infrastructures using a controlled environment to safely attack, identify and exploit vulnerabilities.
They test servers, networks, web applications, mobile devices, and other potential points of exposure to find weaknesses.
They try to break in to keep others out.
- Testing begins with information gathering - finding out as much as possible about the system you will be targeting.
- Testers move on to the attack itself - for example, bypassing a firewall to breach a system.
- Once vulnerabilities have been successfully exploited within a system, testers may use compromised systems to find other weaknesses that allow them to obtain higher and deeper levels of access to assets and data.
- Information about security weaknesses that are successfully identified or exploited through penetration testing is typically compiled into a report, which is used to take the next steps towards remediation.