Security Advanced

What is Penetration Testing?

An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.

Penetration testing (pen testing) mimics real-world attacks to find security weaknesses before malicious actors do. Phases include reconnaissance, scanning, exploitation, post-exploitation, and reporting.

Types include black box (no knowledge), white box (full access), and gray box (partial knowledge). Tools include Metasploit, Burp Suite, Nmap, and OWASP ZAP. Regular pen testing is essential for security compliance and risk management.

Related Terms

CORS (Cross-Origin Resource Sharing)
A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.