A penetration test, colloquially known as a pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses (or vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal.
A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information other than the company name is provided). A gray box penetration test is a combination of the two (where limited knowledge of the target is shared with the auditor). A penetration test can help identify a system's vulnerabilities to attack and estimate how vulnerable it is.
Security issues that the penetration test uncovers should be reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk.
The UK National Cyber Security Centre describes penetration testing as: "A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might."
The goals of a penetration test vary depending on the type of approved activity for any given engagement, with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor, and informing the client of those vulnerabilities along with recommended mitigation strategies.
Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes.