What is Penetration Testing?
How Pen Tests Discover Weaknesses in Your Attack Surface
Penetration testing is a process to get insight into security weaknesses within your attack surface. Unlike a vulnerability assessment program, which is an ongoing process, pen tests provide a point-in-time picture into your cyber health. Pen tests can help define ways to reduce cyber risk and build stronger vulnerability assessment practices.
Learn more about:
How to Make Pen Tests More Effective
Exposure management best practices can improve the effectiveness of your pen testing processes.
Pen Test Frequently Asked Questions
Do you have questions about penetration testing? Check out this FAQ for answers to some of our most commonly asked questions.
Tenable Community for Pen Tests
Want to connect with other penetration testers? Tenable Community is a great place to get help, share ideas and ask questions.
How Vulnerability Scanning and Penetration Testing Go Hand-in-Hand
Vulnerability scanning is a key component of your overall penetration testing processes.
Maximize Your Penetration Tests with Tenable
Tenable supports penetration testing by automating processes to quickly discover security weaknesses so you can decrease cyber risk.
How are Penetration Testing and Vulnerability Scanning Different?
While penetration testing and vulnerability scanning are complementary processes, they are not one and the same.
Penetration tests help you discover weaknesses in your attack surface and determine whether an attacker could successfully infiltrate your network or assets to gain unauthorized access to your systems.
Pen tests are generally conducted by an experienced and well-trained third party, who may use a variety of techniques to uncover and exploit these weaknesses just as an attacker would.
While a penetration test is a point-in-time assessment of vulnerabilities across your environment both on-prem and in the cloud, vulnerability scanning seeks out known security issues and misconfigurations within your attack surface so you can plan remediation to reduce your organization’s cyber risk.
Regulatory and compliance agencies, for example the Payment Card Industry Data Security Standard (PCI DSS), may require regular pen testing and vulnerability scanning, but even so, some organizations remain unclear about the differences between the two.
In this pen test guide, learn more about the differences between pen testing and vulnerability scanning to better understand how both are critical components of a mature and effective overall cybersecurity program.
Tenable Community: Your Go-To Resource for Pen Testing
Are you a cybersecurity practitioner who specializes in penetration testing? Do you have questions about pen testing resources, tools or best practices? Tenable Community is a great place to connect with other professionals to discuss penetration testing and related topics.
Here are some sample conversations happening now:
Penetration Testing for all of my Public IPs?
We have bought the Nessus Professional scanner. We have to perform penetration testing to all our public IPs. Are there recommended plugins or a plugin family for me to choose? Also required to run vulnerability assessment for all my applications.
Vulnerability Scan vs Penetration Testing
We conduct periodic vulnerability assessments and take measures against vulnerabilities. Would this be a countermeasure if a penetration test is performed? What vulnerabilities or security risks, if any, are not detected by the vulnerability assessment and are first discovered by penetration testing?
CIS Control 20: Penetration Tests and Red Team Exercises
As a final testament to a good security program, CIS Control 20 recommends testing all security controls. These exercises are very beneficial to training and security awareness. Many times, attackers can exploit well-intended measures. For example, a really strict password policy can result in users taping passwords to their keyboard.
Penetration Testing Frequently Asked Questions
What is penetration testing?
Penetration testing is a process that gives you insight into how attackers might attempt to breach your attack surface. Pen tests detect security weaknesses through attempts to penetrate your network, just like a hacker would. As part of your vulnerability management program, you should conduct continuous vulnerability assessments to discover these weaknesses so you can prioritize and remediate them before an attacker makes a successful breach into your network. Pen tests go hand-in-hand with your vulnerability assessment program. This stand-alone activity, often conducted by a third party, is an effective way to uncover weaknesses that put your organization at risk. Like running a vulnerability scan, a pen test only gives a point-in-time snapshot of your risks. To build a comprehensive vulnerability assessment program, your teams should conduct vulnerability assessment scans continuously, with pen testing conducted periodically (for example, at least quarterly).
How does a pen test work?
Penetration tests are more than a vulnerability assessment. During a pen test, the tester conducts intentional exploits on a target or a group of targets to prove a vulnerability exists. Generally, a penetration test begins with a planning phase that outlines your test goals and expectations. During the initial scoping phase, determine if you want your pen tester to target your entire network or focus on a specific subset. After conducting the test, which can be accomplished using a variety of testing methods and tools, your tester will report back findings for review. A pen test will verify where you have security issues so you can plan for remediation and make improvements to your overall cybersecurity processes.
What are the goals for a pen test?
A pen test’s goal is to prove a vulnerability (or multiple vulnerabilities) exist within your attack surface so you can plan to remediate those that cause the greatest risk for your organization. While you are in the planning phase for your pen tests, set goals and objectives. These goals should be specific to your organization and align with your business goals and cybersecurity objectives.
How often should you conduct pen tests?
You should conduct pen tests regularly, for example, at least once per quarter. Pen tests give you a point-in-time snapshot of your security posture. Since your attack surface is constantly changing and expanding, routine pen tests help improve your cybersecurity program and decrease cyber risk.
Why is pen testing important?
Pen testing is important for several reasons. First, a pen test can help determine if you have vulnerabilities an attacker could exploit to gain unauthorized access to your data and assets. Pen tests can also help ensure you’re meeting compliance standards. For example, PCI DSS has regulations for pen testing. Pen tests are also important because they can help you determine if you’re using appropriate security controls as part of your vulnerability management program and those controls work as expected.
What’s the difference between vulnerability assessment and penetration testing?
While there are differences between vulnerability assessment and penetration testing, the two are complementary. Vulnerability assessment is an ongoing practice that gives you insight into all the security issues across your attack surface so you can make plans to prioritize and remediate them. Conversely, pen testing is a stand-alone activity. It gives you a picture of your cyber risk at a single point in time. Pen tests help you define areas where you can make improvements that will mature your overall vulnerability assessment processes.
How is penetration testing different from vulnerability management?
Penetration testing is different from vulnerability management, but it’s a complementary part of your overall vulnerability management processes. Conducting pen tests can help you determine if your existing vulnerability management processes are working and can help identify areas where you may need to make improvements. While a pen test is a stand-alone activity that gives you a snapshot of your cyber health at a specific time, vulnerability management and vulnerability assessment processes should be ongoing.
What are the phases for penetration testing?
In general, there are five stages to penetration testing. A pen test begins with an initial engagement, in which you decide who will do your testing and outline your goals and expectations. From there, set the scope of your test: will you target your entire network or a specific subset? Next, conduct the test, then review the findings report, and finally follow up with a review of your remediation processes. Don't forget to retest when needed.
Are there different approaches to penetration testing?
Yes. There are different approaches to pen testing. There are primarily two approaches: whitebox testing and blackbox testing. In most instances, in whitebox testing, the third-party tester already knows information about the target. However, in blackbox testing, you don't share additional target information with your tester. Also, in blackbox testing, your tester conducts network sweeps without using credentials, but whitebox testing usually takes place within a credentialed environment. Grey box testing is another approach where your organization might provide the tester with partial details about targets. Nessus Professional is a complementary tool for these approaches.
What are some pen testing best practices?
Some pen testing best practices are:
- Conduct tests at least quarterly and as required to meet compliance standards.
- Set goals, objectives and scope before conducting each pen test.
- Review results to plan for remediation.
- Follow up with additional tests as needed.
- Retain evidence uncovered by your pen tests, taking into account related laws and compliance standards for evidence retention.
How is vulnerability scanning used in penetration testing?
Vulnerability scanning is a key component of penetration testing. You can use vulnerability scanning to discover vulnerabilities and weaknesses within your attack surface. From there, you can select which vulnerabilities to target during a penetration test.
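As an added example of the selection step described above (this is not Tenable's code, and the page itself shows no code), the following Python script reads a scan export and picks out the findings a tester should verify first. It assumes the export uses the .nessus XML layout, with ReportHost elements containing ReportItem elements whose attributes include pluginID, pluginName, port, protocol, svc_name and a 0-4 severity, plus optional child elements such as exploit_available and cvss_base_score; that layout, the sample report, its hosts and its plugin IDs are all constructed for illustration.

```python
"""Triage a vulnerability scan export to pick candidate findings for a pen test.

Added example, not Tenable's code. It assumes the .nessus (NessusClientData_v2)
XML layout described in the lead-in. The report below is constructed for
illustration; the hosts, plugin IDs and plugin names are made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample: two hosts with informational, low, medium, high and critical findings.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="external-sweep">
    <ReportHost name="203.0.113.10">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="0"
                  pluginID="10001" pluginName="SSL Certificate Information" pluginFamily="General">
        <risk_factor>None</risk_factor>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="4"
                  pluginID="10002" pluginName="Example App Remote Code Execution" pluginFamily="Web Servers">
        <risk_factor>Critical</risk_factor>
        <cvss_base_score>9.8</cvss_base_score>
        <exploit_available>true</exploit_available>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="10003" pluginName="SSH Weak Algorithms Supported" pluginFamily="Misc.">
        <risk_factor>Medium</risk_factor>
        <cvss_base_score>4.3</cvss_base_score>
        <exploit_available>false</exploit_available>
      </ReportItem>
    </ReportHost>
    <ReportHost name="203.0.113.11">
      <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="3"
                  pluginID="10004" pluginName="Example DB Authentication Bypass" pluginFamily="Databases">
        <risk_factor>High</risk_factor>
        <cvss_base_score>8.1</cvss_base_score>
        <exploit_available>true</exploit_available>
      </ReportItem>
      <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="1"
                  pluginID="10005" pluginName="Database Version Disclosure" pluginFamily="Databases">
        <risk_factor>Low</risk_factor>
        <cvss_base_score>2.0</cvss_base_score>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Flatten a .nessus document into one dict per (host, plugin, port) finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            # Missing elements default to "no exploit known" and "no score".
            exploit = item.findtext("exploit_available", default="false")
            cvss = item.findtext("cvss_base_score")
            findings.append({
                "host": host.get("name"),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol", ""),
                "severity": int(item.get("severity", "0")),
                "cvss": float(cvss) if cvss else 0.0,
                "exploit_available": exploit.strip().lower() == "true",
            })
    return findings


def select_pen_test_candidates(findings, min_severity=3):
    """Keep findings worth manual verification: at or above min_severity, or any
    non-informational finding for which the scanner reports a known exploit.
    Sorted so the tester's limited time goes to the riskiest items first."""
    candidates = [
        f for f in findings
        if f["severity"] >= min_severity
        or (f["exploit_available"] and f["severity"] > 0)
    ]
    candidates.sort(key=lambda f: (f["exploit_available"], f["severity"], f["cvss"]),
                    reverse=True)
    return candidates


def summarize_by_host(findings):
    """Count findings per host at each severity level, excluding informational (0)."""
    summary = {}
    for f in findings:
        if f["severity"] == 0:
            continue
        per_host = summary.setdefault(f["host"], {})
        per_host[f["severity"]] = per_host.get(f["severity"], 0) + 1
    return summary


if __name__ == "__main__":
    all_findings = parse_nessus(SAMPLE_NESSUS)
    print("findings per host by severity:", summarize_by_host(all_findings))
    for c in select_pen_test_candidates(all_findings):
        print(f'{c["host"]}:{c["port"]}/{c["protocol"]} sev={c["severity"]} '
              f'cvss={c["cvss"]} exploit={c["exploit_available"]} {c["name"]}')
```

The threshold is deliberately a parameter: lowering min_severity to 2 pulls medium findings such as weak SSH algorithms into the list, which is what you want for a narrow-scope test where the tester has time to verify configuration issues as well as exploitable ones.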
How Vulnerability Scanning and Penetration Testing Go Hand-in-Hand
Penetration testing is a process that helps you discover weaknesses within your attack surface before an attacker exploits them. But where do you begin?
Vulnerability scanning is a great place to start. It’s a key component of your overall penetration testing processes. Vulnerability scanning can help you find all of the weaknesses across your attack surface so you can fix them before an attacker uses them to access your data and systems.
Here are a few ways vulnerability scanning works hand-in-hand with pen tests:
During a penetration test, your tester may perform vulnerability scans across your complete attack surface or choose to specifically target a subset, for example your internal networks, external networks, your cloud environments, internet of things (IoT) devices, industrial internet of things (IIoT) devices, operational technology (OT) devices, containers or web apps.
Nessus Professional is a vulnerability assessment tool that can help you scan for these vulnerabilities. It comes with pre-built templates to help you conduct authenticated and non-authenticated vulnerability scans. It can help you quickly — and easily — conduct both whitebox testing and blackbox testing.
Nessus templates support many compliance frameworks such as Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIG), and others.
You can also customize Nessus templates for your tests, including setting preferences to avoid false negatives or false positives.
Ready to learn more about how you can use Nessus for vulnerability scanning as part of your pen tests?
Nessus is the Gold Standard for Vulnerability Assessment
Vulnerabilities and assets across your modern attack surface are always changing. Trust Nessus Professional to help you stay a step ahead of attackers.
Penetration Testing Blog Bytes
How Exposure Management Can Make Pen Testing More Effective
Unfortunately, many times organizations will prioritize addressing compliance requirements and issues over developing proactive and preventive security approaches, like vulnerability scanning and penetration testing. If that's your organization's approach, you may never fully address your cyber risks, especially because attackers are constantly on the hunt for vulnerabilities in your system. Learn more about how you can apply exposure management best practices to your pen test processes to make them more effective.
Discover the Most Valuable Cyber Skills, Key Cloud Security Trends and Cyber’s Big Business Impact
Although there continues to be an ongoing shortage of skilled cybersecurity professionals, it’s good to know these skills remain in high demand. In fact, after taking a closer look at Foote Partners’ data about tech skill market value, those interested in penetration testing careers might rejoice in finding that for penetration skills, the average pay premium is 17% of the base salary equivalent, and the market value increase is more than 21%. Read more to find out about pen test value in this changing market.
Tenable Nessus Expands Attack Surface Coverage with Web App Scanning
Unsecure web apps can lead to data breaches with devastating consequences. Yet, as penetration testers know all too well, keeping up with all the latest vulnerabilities and other potential attack methods is challenging. For far too long, testers have pieced together different tools to try to address as many potential issues across an attack surface as they can. Read more about how a unified solution can help testers get a more comprehensive picture and overcome challenges commonly caused by siloed solutions.
Maximize Your Penetration Tests with Tenable
Penetration testing and vulnerability assessments are the perfect pair to use in tandem to mature your cybersecurity practices. Both of these processes seek out weaknesses in your attack surface. While automated vulnerability assessments can help you quickly identify some of these most common security issues, you can’t overlook the added value of a pen tester's skills and creativity to think just like an attacker and mimic steps they may take to access your environment.
Focus on Active Scanning
Active scanning, a core component of Nessus Professional, a part of the Tenable One Platform, is a great way to complement your existing pen testing practices. For example, if you’re looking for an exploit within a website, you can use a web application scanner to find specific ways your internet-facing applications are vulnerable to attacks. Once identified, you can put your pen test skills to work to explore these issues in greater detail.
Save Time
Automated vulnerability scans can quickly identify areas where you should focus your pen testing activities. For example, if you conduct a scan and discover that a client’s Apache framework has a security issue, you can focus on demonstrating how an attacker might exploit that issue and then offer a remediation solution.
Conduct Offline Assessments
While internet-facing assets are often front-of-mind for potential attacks, your offline assets are at risk too. With the support of Nessus Professional’s Live Results, for example, as part of your penetration testing, you can perform offline vulnerability assessments every time a plugin is updated. If something suspicious pops up, you get an alert and can focus pen testing steps from there.
No. 1 In Accuracy
With six-sigma accuracy, Nessus has the lowest false positive rate in the industry, measured at 0.32 defects per 1 million scans.
No. 1 in Coverage
Nessus features more than 140,000 plugins covering more than 50,000 Common Vulnerabilities and Exposures (CVEs). Each week, Tenable releases more than 100 new plugins and covers high-profile issues within 24 hours of vulnerability disclosure.
No. 1 in Adoption
Tens of thousands of organizations around the world trust Nessus. It has more than 2 million downloads and is used by 65% of the Fortune 500.
Try Nessus for Free
Use Nessus to get more visibility into your attack surface, including all your assets and vulnerabilities, and improve your penetration testing processes.