Penetration Testing

Definition

Authorized simulated attack on a system to find security vulnerabilities. Like hiring friendly burglars to test your security system and find weaknesses.

Use Cases

Frequently Asked Questions

What's the difference between penetration testing and vulnerability scanning?
Vulnerability scanning is usually automated and looks for known issues (like missing patches or insecure configurations). Penetration testing is more hands-on and tries to actually exploit weaknesses to prove impact (for example, showing how an attacker could access sensitive data). Scans are broader and frequent; pen tests are deeper and scenario-driven.
When should I use penetration testing?
Use penetration testing before major releases, after significant architecture changes, when exposing new internet-facing endpoints (APIs, web apps), when entering regulated environments, or when you need evidence that controls work in practice. It’s also useful after a security incident to validate that similar attack paths are closed.
How much does penetration testing cost?
Cost depends on scope and complexity: number of applications/IPs, testing depth (black/gray/white box), whether social engineering is included, compliance reporting needs, and retesting. Small, single-application tests can be in the low thousands of USD, while large environments or red-team style engagements can be tens to hundreds of thousands. Ongoing programs (quarterly tests, continuous testing, or bug bounties) add recurring costs but can improve coverage over time.

Category: security

Difficulty: advanced

Related Terms

See Also