Pentest
A pentest (or penetration test) is an offensive security audit during which an expert (the pentester), with written authorisation, simulates attacks against a target (web application, API, infrastructure, mobile app, cloud environment) to identify exploitable vulnerabilities before a real attacker does.
Pentests come in flavours: black box (no initial access), grey box (limited access, for example a user account) and white box (full access to code and documentation). The deliverable is a prioritised report with proof of exploitation and remediation recommendations.
Pentests are complementary to static analysis (SAST), dynamic analysis (DAST), bug bounties and configuration audits.
