A. What is Penetration Testing?
Penetration Testing, pen testing, or ethical hacking is the process of assessing an application or infrastructure for vulnerabilities in an attempt to exploit those vulnerabilities, and circumvent or defeat security features of system components through rigorous manual testing. Those vulnerabilities may exist due to misconfiguration, insecure code, poorly designed architecture, or disclosure of sensitive information among other reasons. The output is an actionable report explaining each vulnerability or chain of vulnerabilities used to gain access to a target, with the steps taken to exploit them, alongside details of how to fix them and further recommendations. Each vulnerability discovered is assigned a risk rating which can be used to prioritise actionable remediation tasks.
B. What Are the Benefits of Penetration Testing?
Penetration testing will reveal vulnerabilities that otherwise would not be discovered through other means such a vulnerability scan. The manual, human analysis means that false positives are filtered out.
Furthermore, it demonstrates what access can be gained, as well as what data may be obtained through attempting to exploit vulnerabilities discovered in the way that a real world attacker would. This effectively demonstrates the real risk of a successful exploitation given each vulnerability used to gain access.
