What is Penetration Testing?

Penetration Testing

Penetration testing refers to the testing of a cyber system, network, or application to detect weaknesses that may be exploited by a malicious hacker. You are essentially trying to gain access to a system without having any usernames or passwords.
The aim is to see how easy it is to acquire confidential information about an organization, and then increase the security of the system being tested. 

The goals of a penetration test vary with the type of activity approved for a given engagement. The primary goal is to find vulnerabilities that a nefarious actor could exploit and to inform the client of those vulnerabilities, along with recommended mitigation strategies.

So what exactly is the difference between a penetration test and an attack? Permission!

A hacker who conducts a penetration test is given authorization by the owner of the system, who will then expect a detailed report at the end of it all. As the tester, you may be given user-level access to allow you to gain entry into the system. From there, you will be expected to see whether it's possible to gain access to confidential information that an ordinary user should never see.
The other option is to go in blind. In a blind or covert assessment, you are not given any information except the name of the client organization. The rest is up to you, which is exactly how most malicious hackers do it anyway. The only issue with a covert assessment is that it will take more time than an overt one, increasing the chances of you missing some flaw.

