A test methodology intended to circumvent the security function of a system. Penetration testing, often referred to as a 'pentest', is intended to evaluate the security of your system before an attacker does. Penetration testing tools can help simulate real-world attack scenarios to identify security gaps that could lead to stolen records, compromised credentials, intellectual property, personally identifiable information (PII), cardholder data, personal or protected health information, data ransom, or other harmful business outcomes. By exploiting security vulnerabilities under controlled conditions, penetration testing helps you work out how best to mitigate them and protect your business data from future cybersecurity attacks.
Traditional pentests may take weeks to months to set up, perform, remediate and retest. An emerging practice, continuous pentesting, seeks to integrate pentesting practices directly into a company's software development lifecycle, providing closer to real-time engagement on issues that might otherwise be released to, or first observed in, production.
Example:
"Some of the best security leaders in the industry are former penetration testers. Their intimate understanding of back-end systems and how to break them is a key factor in knowing how to defend those same systems."