We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is a Penetration Test?

Mary McMahon
By
Updated: May 16, 2024
Views: 9,967
Share

A penetration test is a type of security assessment performed on a computer system in which the person performing the assessment attempts to hack into the system. The goal of the test is to determine whether or not someone with malicious intent can enter the system, and what he or she can access once the system has been penetrated. Penetration tests are offered by a number of firms which specialize in the security of computer systems, and they are often strongly recommended for systems and companies of all sizes, as damage to a computer system caused by a hostile attack can be costly and embarrassing.

There are a number of different approaches to the penetration test. In a black box approach, no information about the system is provided to the person performing the test. He or she starts from the ground up to seek out potential exploits and break into the system. In a white box test, all of the information is provided, allowing the tester to simulate an inside job or leak of information. Some companies pick a hybrid approach, in which some information is provided and other information must be sought out.

In the course of a penetration test, the security expert can simulate the deletion or alteration of data, theft of files, insertion of malicious code, and a variety of other activities. The penetration test can slow down the system, which makes the timing of the test important; companies want to avoid interfering with their own operations when they are performing security assessments.

The people who perform penetration tests have an ample library of computer skills, and some have a history as hackers which has familiarized them with the numerous ways in which computer systems can be exploited. Hiring skilled hackers as security consultants can actually be a very savvy business move for a firm which specializes in computer and network security, as hackers often have the most up to date knowledge and information, and they are used to approaching computer systems from the role of someone with malice, rather than the role of a concerned security expert.

For simple testing, it is possible to use an automated system to perform a penetration test. This cuts down on expense, and allows companies to easily hold random testing when they think there might be a need. Manual testing is more in-depth and time consuming, but it can yield more complete results. A creative and determined human can detect potential exploits which an automated program may miss.

Once a penetration test is concluded, the findings are written up and presented to the client. Along with the findings, a list of recommendations is generated, with the security firm indicating areas in which security could be improved and making suggestions for improvement.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Mary McMahon
By Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a EasyTechJunkie researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.

Discussion Comments
Mary McMahon
Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a...

Learn more
Share
https://www.easytechjunkie.com/what-is-a-penetration-test.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.