A Penetration Test evaluates the security of a network, system or application by simulating attacks by a malicious user or hacker. The process involves attacking the target with or without prior knowledge of the underlying technologies to identify potential vulnerabilities. These may result from poor or improper system configuration, application weaknesses, known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
This analysis is carried out both for insider (disgruntled employee or contractor) and external attacker and involves active exploitation of security vulnerabilities. All identified security issues are then presented to the management, application and systems teams along with recommendations for their remediation.