What is penetration testing?
Definition, process, and methods

Identify your cyber security vulnerabilities before the criminals do

Penetration testing definition

Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) is a systematic process of probing for vulnerabilities in your networks (infrastructure) and applications (software).

It can also examine physical security measures or identify security weaknesses in people (social testing).

Penetration testing is essentially a controlled form of hacking. The ‘attackers’ act on your behalf to find and test weaknesses that criminals could exploit. These might include:

  • Inadequate or improper configuration;
  • Hardware or software flaws;
  • Operational weaknesses in processes or technical countermeasures; and/or
  • Employees’ susceptibility to phishing and other social engineering attacks.

Experienced penetration testers mimic the techniques used by criminals to probe these vulnerabilities – individually or in combinations – without causing damage. This enables you to address the security flaws that leave your organisation vulnerable.

Why is penetration testing important?

Penetration testing is important because it is one of the best ways to find and fix security vulnerabilities in a system before an attacker has a chance to exploit them. By conducting penetration testing, organisations can prevent or mitigate the damage that an attacker could cause if they successfully exploited a security vulnerability.

To protect yourself, you should conduct penetration tests regularly.

What should good penetration testing include?

A good penetration testing engagement should include a comprehensive assessment of an organisation's attack surface. This assessment should identify all potential entry points into the network, including unsecured ports, unpatched vulnerabilities, misconfigured systems and weak passwords.

Once all possible entry points have been identified, the penetration tester should attempt to exploit them to gain access to the network. Once access has been gained, the tester should check whether sensitive data, such as customer information, financial records and company secrets, is exposed. Finally, the tester should attempt to escalate privileges and gain full control over the network.

Types of penetration testing

Different types of penetration testing focus on different aspects of your organisation’s logical perimeter – the boundary that separates your network from the Internet.

Web application penetration testing

Web application penetration testing is a process of testing a web application to find security vulnerabilities that could be exploited by attackers.

This includes:

  • Testing user authentication to verify that user accounts cannot be used to compromise data;
  • Assessing the web application for flaws and vulnerabilities, such as XSS (cross-site scripting) or SQL injection;
  • Confirming the secure configuration of web browsers and identifying browser features that can lead to vulnerabilities; and
  • Assessing the security of the database server and web server.

Internal network penetration testing

Internal network penetration tests focus on what an attacker with inside access could achieve. An internal test will generally:

  • Test from the perspective of both an authenticated and non-authenticated user to identify potential exploits;
  • Assess vulnerabilities affecting systems that are accessible by authorised login IDs and that reside within the network; and
  • Check for misconfigurations that could allow employees to access information and inadvertently leak it online.

External network penetration testing

External penetration tests identify and attempt to exploit security vulnerabilities that might allow attackers to gain access from outside the network. An external test will generally:

  • Identify vulnerabilities in the defined external infrastructure, such as file servers and web servers;
  • Check authentication processes to ensure there are appropriate mechanisms to confirm users’ identities;
  • Verify that data is being securely transferred; and
  • Check for misconfigurations that could allow information to be leaked.

Social engineering penetration testing

As technical security measures improve, criminals increasingly use social engineering attacks such as phishing, pharming and BEC (business email compromise) to access target systems.

So, just as you should test your organisation’s technological vulnerabilities, you should also test your staff’s susceptibility to phishing and other social engineering attacks.

Wireless network penetration testing

If you use wireless technology such as Wi-Fi, you should also consider wireless network penetration tests.

These include:

  • Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
  • Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
  • Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
  • Identifying legitimate users’ identities and credentials to access otherwise private networks and services.

Red team penetration testing

Red teaming is a type of penetration testing that focuses on mimicking the actions of a real-world attacker. This can involve using any methods available to gain access to networks, systems and information. Red teaming may also involve physical access in some cases.

Purple teaming

Purple teaming combines offensive (red team) and defensive (blue team) security expertise in a single, continuous engagement, with attackers and defenders sharing insights in real time.

This not only reveals vulnerabilities but also builds the capabilities of your security operations team, strengthens detection and response skills, and ensures that lessons are embedded and improvements are measurable.

OT (operational technology) and IoT (Internet of things) security

We deliver a full suite of OT and IoT services, designed to reduce risk and strengthen assurance:

  • OT and IoT Testing Services
    In-depth performance evaluations and compliance checks tailored to your specific environment and industry, ensuring interconnected systems remain secure and reliable.
  • OT Discovery and Cyber Risk Assessments
    Comprehensive analysis of your OT environment to identify vulnerabilities, assess risks and provide a clear, prioritised roadmap for safeguarding critical assets.
  • OT Tabletop Exercises
    Customised simulations aligned with your organisation’s architecture, software, hardware and security tools to help your teams strengthen incident response and improve decision-making when under the pressure of an attack.

Speak to an expert

For more information on how our CREST-accredited penetration testing services can help safeguard your organisation, call us now on +44 (0)333 800 7000, or request a call back using the form below.

IT Governance’s penetration testing solutions

Our CREST-accredited penetration testing services have been developed to align with your business requirements and budget, as well as the value you assign to the assets you intend to test.

Our proprietary security testing methodology is closely aligned with the SANS, OSSTMM (Open Source Security Testing Methodology Manual) and OWASP (Open Web Application Security Project) methodologies.

Level 1 penetration tests are suitable for organisations that want to identify common exploitable weaknesses targeted by opportunistic attackers using freely available, automated attack tools. They are an off-the-shelf option with fixed constraints and are priced by scale according to factors such as the number of IP addresses in scope.

Level 2 penetration tests are aimed at those with more complex objectives or who require a more detailed exploration of complex or sensitive environments. They are designed according to clients’ individual needs following scoping.

To discuss your penetration testing needs, contact us today.

Frequently asked questions (FAQs)

What is penetration testing?

Penetration testing is a simulated cyber attack carried out by security professionals to identify and exploit vulnerabilities in systems, networks or applications. It helps organisations fix weaknesses before attackers can exploit them.

What is a penetration test?

A penetration test is the practical assessment performed to check security defences. It involves scanning, exploiting and reporting on vulnerabilities found within the agreed scope.

What is penetration testing in software testing?

In software testing, penetration testing focuses on identifying security flaws in applications, such as code vulnerabilities, misconfigurations or weak authentication.

What is penetration testing in cyber security?

In cyber security, penetration testing is a proactive measure to test the resilience of IT environments against real-world attacks, ensuring compliance and strengthening defences.

How to do penetration testing?

Penetration testing involves:

  1. Scoping the test and gaining authorisation.
  2. Reconnaissance and vulnerability scanning.
  3. Exploitation of weaknesses.
  4. Reporting and recommendations.

Only trained professionals should perform pen tests.

How much does a penetration test cost?

Costs vary depending on scope, systems, and complexity. Small tests may cost a few thousand pounds, while larger or more complex engagements can run into tens of thousands.

How to start penetration testing?

To start, organisations should define their objectives and scope, then engage a certified penetration testing provider. For individuals, entry-level training such as CEH or OSCP can be a starting point.

Why is penetration testing important?

Penetration testing is important because it provides real-world assurance of security controls, helps prevent data breaches, supports compliance with frameworks such as PCI DSS and ISO 27001, and builds trust with clients.

What is network penetration testing?

Network penetration testing targets an organisation’s network infrastructure, identifying weaknesses such as misconfigured firewalls, unpatched systems or insecure protocols.

What is vulnerability assessment and penetration testing (VAPT)?

VAPT combines automated vulnerability scanning with manual penetration testing to provide a more complete view of an organisation’s security posture.

What is red team penetration testing?

Red team penetration testing simulates advanced, persistent threats to test not just technical security but also people, processes and detection capabilities.

How to perform penetration testing on a website?

Website penetration testing involves testing web applications for flaws such as SQL injection, cross-site scripting (XSS) and authentication bypass. It should be carried out by certified ethical hackers.
