Penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems to make those systems more secure. The process includes: probing for vulnerabilities as well as providing proof of concept (POC) attacks to demonstrate the vulnerabilities are real.
Proper penetration testing always ends with specific recommendations for addressing and fixing the issues that were discovered during the test. On the whole, this process is used to help secure computers and networks against future attacks.
Penetration testing is also known as:
- Pen Testing
- Ethical Hacking
- White Hat Hacking
It’s important to spend a few moments discussing the difference between penetration testing and vulnerability assessment. Many people (and vendors) in the security community incorrectly use these terms interchangeably. A vulnerability assessment is the process of reviewing services and systems for potential security issues, whereas a penetration test actually performs exploitation and POC attacks to prove that a security issue exists. Penetration tests go a step beyond vulnerability assessments by simulating hacker activity and delivering live payloads. In this course, we’ll cover the process of vulnerability assessment as one of the steps utilized to complete a penetration test.