Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in — either virtually or for real — and reporting back the findings.

Typically, the information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization’s IT and network system managers, enabling them to make strategic decisions and prioritize remediation efforts.