Penetration testing

A penetration test is an intrusive test where a third party has been authorized to carry out an attack on a company's network. Rules have been agreed on, so they just need to identify the weaknesses, should it be exploited as far as it can go.

Penetration testing is commonly known as a pen test. The pen testers are given different amounts of information:

  • Black box: Black box pen testers are given no information on the company
  • Gray box: A gray box pen tester is given some information
  • White box: A white box pen tester knows everything about the system

For example, a pen tester is about to carry out a pen test but has not been given any information on the system. As he arrives at the company, the IT manager offers him a ...

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.