Ethical Hacking (also known as Penetration Testing) is the authorized practice of attempting to bypass the defensive security measures of a system or network by exploiting vulnerabilities discovered in them. The mission of the Penetration Test is to discover potential threats and vulnerabilities in the network, manually attempt to exploit them, and compromise the integrity of the network.
The end goal of the Penetration Test is to validate the existence of the vulnerabilities, exploit them to confirm they are not false positives, achieve a foothold in the network and attempt to pivot to gain further access. The Penetration Tester (PenTester) attempts to infiltrate as far as possible into the network, to determine the security posture of the organization.
Penetration Testing is performed with the same tools, techniques and procedures that malicious attackers utilize. By taking the same approach, an authorized Penetration Tester can discover the vulnerabilities before a real malicious attacker discovers them.
Once the engagement is completed, a report with all the relevant information about the engagement is delivered to the organization, which can use it to remediate all the vulnerabilities and discoveries on the network. The deliverable report commonly includes information about the target, the methodology of the approach and attack, the vulnerabilities discovered, how they were exploited, and finally the proper or recommended steps to mitigate them.
From a security perspective, Penetration Testing is one of the most common proactive approaches that all organizations in any industry perform against their networks. Penetration Tests are an excellent way of measuring how well an organization will be able to handle and protect itself from a real malicious attacker.