Pen-Testing

pen-test

Penetration testing is the process of attempting to gain access to resources without knowledge of user names, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, pricelists, databases and other protected information.

The main thing that separates a penetration tester from an attacker is permission.
The penetration tester will have permission from the owner of the computing resources that are being tested and will be responsible to provide a report.
The goal of a penetration test is to increase the security of the computing resources being tested.

In many cases, a penetration tester will be given user level access and in those cases, the goal would be to elevate the status of the account or user other means to gain access to additional information that a user of that level should not have access to.

One of the main reasons to performing a penetration test is to find vulnerabilities and fix them before an attacker does.