Penetration Test

1 min read - 201 words

Definition

A penetration test is colloquially also known as pentest. Penetration tests are one component of a full security audit. Also, a pentest is not to be confused with an automated vulnerability scan.

Penetration testing is a method for analysing the security of IT systems. The goal is to gain assurance in the security of an IT system. This is achieved by attempting to breach that system’s security. The same tools and techniques are applied as an adversary might utilize. The outcome of a penetration test is a list of vulnerabilities. To help prioritise the remediation tasks each finding is assigned a technical risk rating. The underlying factors are the three core aspects of information security: Confidentiality, Availability, Integrity. One common method to conduct risk rating is the Common Vulnerability Scoring System (CVSS).

Depending on the scope penetration tests are further distinguished. Based on the underlying pentest type different testing methodologies and approaches can be applied. Some commonly referred bodies and terminologies are

  • Open Web Application Security Project (OWASP) Top 10
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Methodologies and Standards (PTES)

Additional Resources