Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking an attacker. Think about it as quality assurance for your IT security. Like most people, you probably think that quality assurance for software is both sensible and necessary before you roll out software into production. It’s sensible not because you don’t trust the software developers to do a good job, but because it’s good business practice to ensure that the code works as expected. In the same way, penetration testing verifies that your production systems are secure.
Some penetration testers prefer the term “security assessment” over “penetration testing,” although both terms refer to the exact same process. Penetration testers are sometimes called the Red Team, a term that comes from the early days of penetration testing in the military, whereas the Blue Team is the defensive team. If you wonder how penetration testing relates to port scanning and vulnerability management, you’re not alone.