The What, Why, Who and Types of Pen Testing
A penetration test is used to evaluate the security of an information technology environment, whether on-premises, cloud or hybrid, and can target applications, systems, networks or human controls.
The goals of penetration testing are to:
Proactively identify vulnerabilities that leave the organisation exposed to malicious actions;
Actively exploit vulnerable systems to prove that the identified vulnerability actually poses a risk to the organisation; and
Prove that access gained to systems via exploitation leads to the exposure of sensitive or personal data.
Outcomes of a successful penetration testing program include the identification of vulnerabilities, cross-checking of the effectiveness of existing security controls in protecting against identified exposure, regulatory compliance, and the ability to prioritise risks and manage their mitigation and remediation.