A penetration test (Pen Test) attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network. Benefitsof penetration testing:
- Disclose system vulnerabilities
- Protection from financial damage
- Protect reputation of the enterprise
Penetration testing as per Gartner goes beyond vulnerability scanning to use multistep and multivector attack scenarios that first find vulnerabilities and then attempt to exploit them to move deeper into the enterprise infrastructure. Since this is how advanced targeted attacks work, penetration testing provides visibility into aggregations of misconfigurations or vulnerabilities that could lead to an attack that could cause serious business impact. As a minimum, penetration testing provides a means for prioritizing the highest risk vulnerabilities.