A penetration test is basically a structured attack on a company’s IT infrastructure. During this, a penetration tester uses the same tools and techniques that a hacker uses in his attack. However, the objective differs between a malicious hacker and a professional penetration tester.
A hacker usually tries to hack a company in order to gain access to its IT systems and data. To do this, he only needs a single critical vulnerability that can successfully exploited.
However, companies that commission a penetration test do not primarily want to be successfully hacked, they want to know whether this is possible. For this purpose, a penetration tester will try to identify all vulnerabilities, regardless of their criticality. Many vulnerabilities are also attempted to be exploited, but not all. Because some further attacks pose a higher risk for the attacked IT systems.
