What is Penetration Testing?

A penetration test, colloquially known as a pentest or as ethical hacking, is an authorized simulated attack performed to evaluate the security of a server or a corporation.

There are three types:

  • Black box: The attacker has no information about the target
  • White box: The attacker has full information about the target (e.g. source code, a low-privilege user password, etc.)
  • Grey box: A mix of the two above; the attacker has some information and must obtain the rest

The difference between a penetration test and a vulnerability assessment is that the latter only identifies vulnerabilities, usually with an automated vulnerability scanner such as Nessus, Acunetix, OpenVAS, Nexpose, Qualys, etc. A penetration test, by contrast, identifies and exploits all the vulnerabilities until the security of the whole system or organization is compromised.
