What is Penetration Testing?

Penetration Testing Wiki



A penetration test, colloquially known as a pentest or as ethical hacking, is an authorized simulated attack performed to evaluate the security of a server or a corporation.

There are three types:

  • Black box: The attacker has no information about the target
  • White box: The attacker has full information about the target (e.g. source code, low-privilege user password, etc.)
  • Grey box: A mix of the two above; the attacker has some information and must obtain the rest

The difference between a penetration test and a vulnerability assessment is that the latter only identifies vulnerabilities, usually with an automatic vulnerability scanner such as Nessus, Acunetix, OpenVAS, Nexpose, Qualys, etc. A penetration test, by contrast, identifies and exploits all the vulnerabilities until the security of the whole system or organization is compromised.
