
Penetration Testing

Quick Definition

An authorised simulated attack on a computer system to evaluate its security — identifying vulnerabilities before malicious attackers can exploit them.

Detailed Explanation

Penetration testing (pen testing) mimics real-world attacks using the same techniques, tools, and methodologies as malicious hackers. Types include network pen testing, web application pen testing, social engineering, and physical security testing. Pen tests follow a structured methodology: planning and reconnaissance, scanning, exploitation, maintaining access, and reporting. Results include identified vulnerabilities, proof of exploitation, and remediation recommendations. Pen testing is required by many compliance frameworks (PCI DSS, SOC 2, ISO 27001) and is a key component of a mature security programme.

Relevant Frameworks

ISO 27001, OWASP