Penetration Testing

Email Alerts

Register now to receive news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • requirements analysis (requirements engineering)

    Requirements analysis, also called requirements engineering, is the process of determining user expectations for a new or modified product... (Continued) 

  • Wirth's Law

    Wirth's Law states that computer software increases in complexity faster than does the ability of available hardware to run it... (Continued) 

  • functional specification

    A functional specification (or sometimes functional specifications) is a formal document used to describe in detail for software developers a product's intended capabilities, appearance, and interactions with users. 

  • software requirements specification (SRS)

    A software requirements specification (SRS) is a comprehensive description of the intended purpose and environment for software under development. The SRS fully describes what the software will do and how it will be expected to perform... (Continued)... 

  • Software Engineering Institute (SEI)

    The Software Engineering Institute (SEI) is a research, development and training center involved in computer software and network security. The SEI works with industry, academic institutions and the United States government to improve the performance... 

About Penetration Testing

Penetration testing is a method of testing to simulate a breach of security or an attack from a malicious source. The system is analyzed for potential weaknesses or vulnerabilities and examined from the viewpoint of a potential attacker. The testing will work to actively exploit security vulnerabilities and will report back to the system owner risks, feasibility for an attack, and recommended steps to mitigate the risks of an attack. Penetration testing can be performed as a white-box test, where system internals are known, or as a black-box test, which would be similar to a malicious user with no knowledge of the infrastructure being tested.