A penetration test, colloquially known as a pentest, is an authorized simulated attack performed to evaluate the security of a server or a corporation.
There are three types:
- Black box: The attacker has no information about the target
- White box: The attacker has full information about the target (i.e. source code, low privilege user password, etc)
- Grey box: A mix of two above, the attacker has some information and must obtain the other part.
The difference between a penetration test and vulnerability assessment is that the latter only identifies vulnerabilities, usually using an automatic vulnerability scanner as Nessus, Acunetix, OpenVAS, Nexpose, Qualys, etc. And a penetration test identifies and exploits all the vulnerabilities until the security of the whole system or organization is compromised.