Penetration testing, also called pen testing, is a cybersecurity practice that tests computer systems, websites, and applications for vulnerabilities open for cyber attack. Pen tests attempt to simulate an unauthorized attack to expose vulnerabilities that would allow system access. These tests can be performed automatically through security tools or manually. Penetration tests are only one component of a complete security program and its various monitoring and testing tools.
Penetration tests can happen at any point, including after the program is running to check a program or system’s overall security health. Penetration tests aim at specific targets. Before launching the simulated attacks, information on the target is gathered to identify potential entryways. The actual break-in attempts can be performed virtually or by penetrating the system. Pen tests can also expose if security policies and protocols are understood and being adhered to.