Penetration Testing

Penetration testing, or pen testing, is a simulated security testing process conducted by an enterprise or third party “ethical hacking” service to test the company s network and IT systems for vulnerabilities and potential for cybersecurity exploits.

Penetration testing examines corporate security from a hacker s point of view, analyzing and testing the company s existing security systems and processes to identify exploitable vulnerabilities as well as areas that could be improved from a data protection and security standpoint.

The idea behind penetration testing is to find exploitable weaknesses in the corporate network and patch or fortify them before cyber attackers have a chance to discover and take advantage of them.

Some of the more popularly used tools deployed for penetration testing include Metasploit, Portswigger Web Security s Burp, Kali Linux, Fiddler, Nessus, Nmap, sqlmap, Wireshark, John the Ripper, Hyrda, Aircrack-ng, and Zed Attack Proxy.

Penetration Testing Tools

Image source: Imperva

How Security Penetration Tools Work

Penetration testing can be conducted manually as needed or can be set up with software tools to run automatically, either continuously or periodically. Systems involved in pen testing can include network access points, front-facing web sites, application protocol interfaces (APIs), backend databases and servers, in-house and third-party applications that connect to the corporate network, and more.

Penetration tools typically operate using lists of known security vulnerabilities and issues and then attempt to exploit and penetrate corporate security defenses based on these vulnerabilities.

In this sense, penetration tools differ from security vulnerability scanning tools, which focus solely on discovering new or existing vulnerabilities and not on attempting to exploit them. That said, many security tools on the market today combine both vulnerability scanning and penetration testing capabilities.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Embedded Analytics

Embedded analytics brings self-service business intelligence to everyday application users.

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their workforce operations. They provide a central platform for human resources professionals...

Complete List of Cybersecurity Acronyms

Cybersecurity news and best practices are full of acronyms and abbreviations. Without understanding what each one means, it's difficult to comprehend the significance of...

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...