Penetration testing, or pen testing, is a simulated security testing process conducted by an enterprise or third party "ethical hacking" service to test the company’s network and IT systems for vulnerabilities and potential for cybersecurity exploits.
Penetration testing examines corporate security from a hacker’s point of view, analyzing and testing the company’s existing security systems and processes to identify exploitable vulnerabilities as well as areas that could be improved from a data protection and security standpoint.
The idea behind penetration testing is to find exploitable weaknesses in the corporate network and patch or fortify them before cyber attackers have a chance to discover and take advantage of them.
Some of the more popularly used tools deployed for penetration testing include Metasploit, Portswigger Web Security’s Burp, Kali Linux, Fiddler, Nessus, Nmap, sqlmap, Wireshark, John the Ripper, Hyrda, Aircrack-ng, and Zed Attack Proxy.
Image source: Imperva
How Security Penetration Tools Work
Penetration testing can be conducted manually as needed or can be set up with software tools to run automatically, either continuously or periodically. Systems involved in pen testing can include network access points, front-facing web sites, application protocol interfaces (APIs), backend databases and servers, in-house and third-party applications that connect to the corporate network, and more.
Penetration tools typically operate using lists of known security vulnerabilities and issues and then attempt to exploit and penetrate corporate security defenses based on these vulnerabilities.
In this sense, penetration tools differ from security vulnerability scanning tools, which focus solely on discovering new or existing vulnerabilities and not on attempting to exploit them. That said, many security tools on the market today combine both vulnerability scanning and penetration testing capabilities.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »List of Well-Known TCP Port Numbers
Port numbers 0 to 1024 are reserved for privileged services and designated as well-known ports. This list of port numbers are specified in... Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »