Penetration testing, often called “pen testing,” is a controlled, simulated cyber attack conducted by security professionals to identify and exploit vulnerabilities in a computer system, network, or web application. It involves using various methods and tools depending on the target, which may include IT infrastructure, networks, systems, web apps, mobile apps, or the cloud. The objective is to improve the organisation’s security posture by uncovering weaknesses in its IT infrastructure, applications, and employees. Additionally, penetration testing is often required by compliance standards such as PCI DSS, ISO, SOC 2, HIPAA, and FTC. The test results provide recommendations on how to address these vulnerabilities and reduce the risk of future exploitation.