It is a method to assess the security of a computing system or network, by means of an attack simulation.

Penetration tests can be

  • Internal: the simulation requires that the attacker has physically access to the organisation’s facilities or has an in-depth knowledge of the structure and of the company’s organization
  • External: the simulation requires that the attacker is an external person with a limited knowledge of the target systems