According to Gartner, penetration testing or pentesting is a cybersecurity strategy that "provides visibility into aggregations of misconfigurations or vulnerabilities that could lead to an attack that could cause serious business impact."
Jason Mar-Tang, AVP and Field CISO at Pentera, considers it "a proactive cybersecurity exercise where white hat hackers emulate cyberattacks against an organisation to identify exploitable security gaps within the IT environment." To put it simply, he says that "pentesting utilises the attacker's mindset and capabilities to improve the organisation's defensive capabilities."
Mar-Tang adds that the strategy is a crucial cybersecurity measure because it enables security teams to validate their existing security controls from the attacker's perspective. "Pentests challenge the existing security controls within the organisation against the tactics, techniques, and procedures (TTPs) that threat actors are using in the wild. This validation enables security teams to understand where their security can be exploited and proactively patch any gaps before threat actors ever get a chance," he adds.