Penetration testing, also known as pen testing or ethical hacking, is a simulated cyberattack on a computer system, network, or other facility, performed to evaluate its security. The goal of a pen test is to identify vulnerabilities in the system and demonstrate the business impacts of weaknesses in a system. Penetration testers use the same tools, techniques, and processes as attackers to find and exploit vulnerabilities in a system. Penetration testing is a manual effort, but testers also use automated scanning and testing tools. Penetration testing is a component of a full security audit and can support risk assessments.

Penetration testing can be adapted to any industry or organization and is unique from other cybersecurity evaluation methods. Depending on the goals of a pen test, testers are given varying degrees of information about, or access to, the target system. Penetration testing is often conducted with a particular goal in mind, such as identifying hackable systems, attempting to hack a specific system, or carrying out a data breach.

In summary, penetration testing is a simulated cyberattack on a computer system, network, or other facility, performed to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and exploit vulnerabilities in a system. Penetration testing is a manual effort, but testers also use automated scanning and testing tools. Penetration testing is a component of a full security audit and can support risk assessments.