Offensive Security

Penetration Test

A structured, ethical simulation of attacks against a defined target scope — typically networks, applications, APIs, or infrastructure — to identify exploitable vulnerabilities and demonstrate business impact.

A penetration test is a manual, creative security assessment conducted by trained security professionals to identify how multiple lower-severity findings chain into a critical compromise. This distinguishes it from automated vulnerability scanning, which identifies known issues against a signature database but cannot assess business logic, attack chaining, or exploitability in context.

Penetration tests are categorised by perspective: black box (no prior knowledge), grey box (limited information such as standard user credentials), and white box (full access to source code and architecture). Most engagements are grey box because they balance realism and coverage. Common methodologies include OWASP ASVS, NIST SP 800-115, PTES, and OSSTMM.

A typical penetration test runs 5-15 working days depending on scope. Engagements should produce both an executive summary and a technical findings report, with remediation guidance and free retest within 90 days.

See: Penetration Testing Services.

← Back to Glossary