< Back

Penetration test

Penetration test is a dedicated custom set of automatic and manual tests performed by a security expert (the Penetration Tester) built for a specific ad hoc application security testing, usually after the application is fully developed. The penetration test is designed to check the security maturity of the system and to discover weaknesses and vulnerabilities that require mitigation. Usually the penetration test will result in a PT report detailing the weaknesses and vulnerabilities discovered, along with risk analysis of each finding and recommendation for mitigation. Penetration tests can be white box (where the penetration tester has access to internal data like the architecture design or source code of the application) or black box (where the penetration tester has no internal data of the application). Some standards (like PCI compliance standard) define requirements for the penetration tester qualifications and other penetration testing methodologies standards and requirements.

Related Terms

Application-Security-Management

AppSec, but so much

Reclaim AppSec