A penetration test is essentially a real hacking attack performed by an ethical hacker. If the attack follows a structured, reproducible approach and a client legally commissions it as a test against themselves or their IT, we call it a professional penetration test. This legal hacking attack is carried out by a so-called penetration tester.
The objective, however, differs between a malicious hacker and a penetration tester. For a malicious hacker, it is usually sufficient to identify a single critical vulnerability and exploit it successfully. In a penetration test, that is not sufficient. The penetration tester must not only find one vulnerability but also examine the entire attack vector using a structured approach.
Last modified: Nov. 15, 2022