Penetration testing is a series of processes and techniques that simulate a real cyberattack. The ultimate goal is to identify security vulnerabilities in an organization’s databases, networks, and devices. Penetration tests are carried out by people known as ethical hackers, who understand how real hackers think and what they’re after. These ethical hackers may work on staff at a company or as external consultants.
To better understand the point of penetration testing, consider this example: An organization deploys a new human resources software that lets remote workers track their work schedule and request time off from home. The organization may hire a penetration tester to ensure this new service doesn’t create any unexpected entry points for cyber attackers. This process ultimately helps the organization keep company and customer data secure.
Penetration is hacking, but it’s authorized hacking. Pen testers receive a signed contract from the client called a statement of work, that outlines what they are allowed to do, and gives them permission to carry out the penetration test. Without authorization, breaking into an organization’s environment is illegal.
