P
Pentest (Penetration Testing)
An authorized simulated cyberattack performed to evaluate the security of systems by identifying vulnerabilities before malicious actors can exploit them.
What is Penetration Testing?
Penetration testing (pentesting) is an authorized simulated attack on a computer system, network, or application to evaluate its security. Ethical hackers use the same techniques as malicious actors to identify vulnerabilities before they can be exploited.
Pentest Types
By Knowledge Level:
- Black Box: No prior knowledge (external attacker simulation)
- White Box: Full system knowledge (comprehensive assessment)
- Gray Box: Partial knowledge (realistic insider threat)
By Target:
- Network: Infrastructure and services
- Web Application: Websites and APIs
- Mobile: iOS and Android applications
- Social Engineering: Human vulnerabilities
- Physical: Building and facility security
Pentest Phases
- Reconnaissance: Gather information about target
- Scanning: Identify live systems and services
- Exploitation: Attempt to breach security
- Post-Exploitation: Assess impact and lateral movement
- Reporting: Document findings and recommendations
Deliverables
- Executive summary for leadership
- Technical findings with evidence
- Risk ratings (CVSS scores)
- Remediation recommendations
- Retest verification