A pentest, or penetration test, shows how an attacker can penetrate a company’s IT infrastructure by exploiting its vulnerabilities. These vulnerabilities may be part of the operating system, services, or applications, or may result from improper configuration or user actions. Such an assessment is useful for verifying the effectiveness of defense mechanisms, as well as user compliance with security policies.
Penetration testing is usually performed using manual or automated technologies to compromise servers, computers, web applications, wireless networks, network devices, and other potential points of impact. After the vulnerabilities have been successfully exploited, the testers can try to use the compromised system to launch subsequent exploits against internal resources.
Information on any security vulnerabilities that were successfully exploited during the penetration test is usually collected and provided to the heads of the company and IT departments to help specialists draw strategic conclusions and prioritize appropriate measures.