What is a Penetration Test
A penetration test is an orchestrated, simulated attack on a computer system, with the goal of identifying any vulnerabilities or weaknesses in that systems security controls or protocols (Penetration Test – Wikipedia).
These tests actively attack your business’ systems in order to not only identify vulnerabilities, but also to exploit them to demonstrate the kind of damage a malicious attack could potentially do. By understanding the kind of vulnerabilities that are present within your IT environment, you can better prepare for security attacks in the future (What is a Pen. Test and Why do I Need One? – Forbes).
Definition in Action
These tests are usually done by unbiased, third party companies who attempt to gain access to systems without usernames or passwords and purely by exploiting any weaknesses that may exist (Penetration Testing – SANS). Additionally, some penetration tests also include physical security tests – these test check security protocols on premise such as use of badges, locking workstations, securing doors etc.