Penetration Testing is word soup. It has been bastardized over the years by project managers, business management, our own cyber security industry and many others. We are in a world where Penetration Testing is expressed as any of the following:
- PEN testing
Penetration testing has existed as a cyber security assurance activity since the mid-1990s, yet it still lacks a clear definition. As a term, Penetration Testing is sadly very much misunderstood. For people outside the cyber and information security domains, phrases such as security auditing, penetration testing, vulnerability analysis, ethical hacking and red teaming all mean the same thing. Yet for us within the industry, they mean very different things.
In this article, we support the CREST work on Defensible Penetration Testing by turning penetration testing into a clearly defined, defensible term that can be used accurately.