Penetration testing - commonly referred to as pen testing or ethical hacking - is one of the methods for testing your firewall parameters and checking the health of your system. It covers your entire computer system, network or web application, looking for security vulnerabilities that a hacker could exploit to steal or manipulate your data. Penetration testing can be automated with software applications or performed manually. The process involves gathering intel about the target before the test, analysing the data to spot possible entry points, attempting to break in - either virtually or for real - and reporting the findings back to the parent company so that they can learn about their flaws and work on fixing them immediately. Penetration tests are an integral component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and each time the system undergoes changes or updates.

However, every organisation should perform pen testing regularly - ideally, at least once a year - to keep up with the latest hacking methods and to better inform network security and IT management. In addition to conducting regulatory-mandated analysis and assessments, penetration tests may also be run whenever an organisation:

  • adds new network infrastructure or applications
  • makes significant upgrades or modifications to its applications or infrastructure
  • establishes offices in new locations
  • applies security patches
  • modifies end-user policies

