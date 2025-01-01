What is it?





A penetration test can help determine whether the system is vulnerable to attack, if the defenses are sufficient and which defenses (if any) the test has defeated.





A pen test looks to infiltrate a target system and achieve a predefined set of goals or scenarios. These organized attacks are commonly described as a white box (where some system knowledge is known in advance, which might simulate information given by an inside informant) or a black box (which makes no assumptions about internals but will scan for known vulnerabilities). A gray box penetration test is a combination of the two (where some necessary information might be known or assumed from the type of company and how it is deployed).





Security issues that the penetration test uncovers are reported to the system owner. Historically tests of this nature are done during an acceptance testing phase before a system or upgrade goes live. However, we strongly recommend that this practice is done throughout the development lifecycle, both in near-live and fully operational conditions.