What is penetration testing?
Penetration testing is a security-assessment method in which authorized testers attempt to circumvent or defeat a system's security controls — under agreed constraints — to find exploitable weaknesses before real attackers do.
What it means
NIST describes penetration testing as a methodology where assessors, working under specific rules, try to bypass a system's defenses. It is authorized, scoped attack simulation used to surface and document real vulnerabilities. It is the core activity behind offensive-security roles and credentials such as penetration tester and ethical hacker.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is penetration testing? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |