Penetration testing, or pentest for short, is an exercise to identify exploitable vulnerabilities in applications, infrastructure, networks, devices, physical facilities, and users. Of these, applications and networks are most commonly in the scope of pentests. It is performed by skilled professionals, often referred to as ethical hackers or White Hats. Ethical hackers use a combination of automated and manual tools to identify vulnerabilities. The goal of this exercise is to identify and address security risks before unethical hackers, or Black Hats, do.
Most companies cannot permanently retain ethical hackers, so penetration tests are usually performed by third parties. Using third parties also helps the tests simulate real hackers as closely as possible because, just like hackers, third-party testers have little or no knowledge of the company’s people, processes, and technologies.