What is pentest (Penetration Testing)?

An authorized simulated attack on a system to identify exploitable vulnerabilities — conducted by humans or autonomous tools.

Full explanation

A pentest is the adversarial analog of a security audit. A pentester attempts to compromise the system within a defined scope, produces a report listing findings with exploitation evidence. Types: black-box (no internal access), gray-box (partial), white-box (full source + architecture docs). Autonomous pentest tools (XBOW, Pentera, Horizon3 NodeZero) increasingly augment or replace human-led pentests.

Example

A startup commissions a black-box pentest before their first enterprise deal. The pentester finds BOLA in three API routes; the team fixes them; the deal closes.

FAQ

Pentest vs bug bounty?

Pentest: scoped + time-bound + confidential. Bug bounty: continuous + broad + public rewards. Most mature programs run both.