A penetration test, also known as a pentest, is a form of network security probe to determine if there are any vulnerabilities, or areas that could possibly be penetrated by an unauthorized user. Basically, a penetration test is an authorized attack on a company's network and computer system in order to determine the level of network security, and to expose any vulnerabilities that could put company information or assets at risk. Differences between vulnerability scanning and penetration testing Both vulnerability scanning and penetration testing are important for the security of a company or enterprise. Both forms of testing typically attempt to find the same results: vulnerabilities within the system. The methods are only different in the way they are carried out. A vulnerability scan is typically a scan of the network system in order to find more commonly-used vulnerabilities. A vulnerability scanning tool uses a list of preset vulnerabilities that have been exposed in other computer systems, and scans for these vulnerabilities in order to determine if any of these specific vulnerabilities exist. A penetration test can be carried out two different ways. A penetration test can be performed using penetration software and tools, or it can be carried out by a professional penetration specialist, typically a well-known professional hacking expert. Of these two methods, the professional penetration specialist is the most effective, as this test is performed by a real hacker—so the same techniques are applied that would be used in an actual attack on the company network by a skilled hacker. Value of penetration testing The value of penetration testing consists of several main benefits described below:
- Penetration tests identify vulnerabilities that are unable to be exposed with typical network and vulnerability scanning software.
- Penetration tests determine the strength of specific security programs and software, as well as the overall security of the network.
- Penetration tests expose high-risk vulnerabilities that may be exploited by performing a specific sequence of low-risk vulnerability exploits.
- Penetration tests expose flaws in the company threat response plan.