Abstract: Penetration tests are an excellent method for determining the strengths and weaknesses of a network consisting of computers and network devices. However, the process of performing a penetration test is composite, and without care can have disastrous effects on the systems being tested. The goal of this is not to cause damage, but more to identify attack surfaces, vulnerabilities, and other security weaknesses from the perspective of an attacker. Such testing can range across all aspects of a system; the areas of computer, operational, personnel, and physical security can all encompass potential weaknesses that a malicious attacker can use, and thus a penetration tester may examine. Depending on the organization's prime concern, risk assessment, and policies, some of these areas may be out of scope or not deemed as important, so a decreased scope penetration test may be conducted.
Keywords: pen testing; network security; vulnerability; testing; pen testing tools.