Penetration Testing (Pen-Testing)

Last Updated: November 2, 2015

Definition - What does Penetration Testing (Pen-Testing) mean?

Penetration testing (pen-testing or pentesting) is a method of testing, measuring and enhancing established security measures on information systems and support areas.

Pen-testing is also known as a security assessment.

Free White Paper: "AI in the Insurance Industry: 26 Real-World Use Cases" | Discover what the future of insurance holds and how AI innovation can be used to hit the mark even more precisely.

Techopedia explains Penetration Testing (Pen-Testing)

Pen-testing may be conducted to complement background investigations and ensure social engineering and networking safety.

Pen-testing is implemented by simulating malicious attacks from an organization's internal and external users. The entire system is then analyzed for potential vulnerabilities. A plan that communicates test objectives, timetables and resources is developed prior to actual pen-testing.

Pen-testing is an invaluable process for a number of reasons, including the following:

Minimal security breach potential ensures system reliability.
Complies with regulatory or other agencies.
Demonstrates a good-faith effort to protect customer information

Pen-testing tools include:

Commercial off-the-shelf (COTS) or prebuilt equipment and/or software applications
Proprietary enterprise applications (EA)
Potentially compromisable phone and wireless systems
Physical controls
Websites