An authorized, simulated attack on systems or applications to find and demonstrate exploitable security weaknesses.
A penetration test, or pen test, is a controlled attempt by skilled testers to break into systems the way a real attacker would. Unlike an automated scan, it actively exploits weaknesses to show their real impact and how they chain together.
The result is a report of confirmed findings, ranked by severity, with remediation advice. Many frameworks and customers expect regular pen tests as evidence of due diligence.