The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.
Regularly scheduled network penetration testing can help an organization identify weaknesses in their network security before the bad guys can mount an attack. The goal of conducting a penetration test or conducting a web application scan is to identify gaps within your infrastructure that are open to known vulnerabilities without actually compromising your systems.
This type of pen test targets a company’s externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they’ve gained access.
This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.