IT penetration testing is a process used to assess the safety and security of a computer system or network by simulating an attack from malicious hackers. The procedure is related to a vulnerability assessment, but goes further. A vulnerability assessment is performed by an automated scanner that looks throughout your network. With a penetration test, a professional penetration tester reviews the results of the vulnerability scans and validates them against the network or application. Because an actual human being performs the review, there are frequently new findings that a machine doesn't catch. Also, because the test is usually carried out from the position of a prospective hacker, it is more likely to find the vulnerabilities that hackers find. You may have heard penetration testing referred to as ethical hacking.
Penetration testing is done for many different reasons. Some of these are: to discover high-risk vulnerabilities that can result from low-risk vulnerabilities; to recognize vulnerabilities that may otherwise be hard to identify with automated network or vulnerability scanning software; and to test the ability of networks to successfully detect and respond to hacking attacks.
Penetration tests are an element of a security audit. The Payment Card Industry Data Security Standard (PCI DSS) and the security and auditing standard require both annual and ongoing penetration testing.