A penetration test is the practice of evaluating the security of a computer system or network by simulating an attack from a malicious source. It can be performed through full disclosure of the topology and environment (white box) or with no knowledge of the environment (black box).
The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Any security issues found will be presented to the system owner together with an assessment of their impact and a customized remediation plan to mitigate the risk. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered.