Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.
External penetration Test
External pen-testing is the traditional, more common approach to pen-testing. It addresses the ability of a remote attacker to get to the internal network. The goal of the pen-test is to access specific servers and crown jewels within the internal network by exploiting externally exposed servers, clients, and people. Whether it's an exploit against a vulnerable Web application or tricking a user into giving you his password over the phone, allowing access to the VPN, the end game is getting from the outside to the inside.
Internal penetration Test
Internal pen-testing takes a different approach one that simulates what an insider attack could accomplish. The target is typically the same as external pen-testing, but the major differentiator is the "attacker" either has some sort of authorized access or is starting from a point within the internal network. Insider attacks have the potential of being much more devastating than an external attack because insiders already have the knowledge of what's important within a network and where it's located, something that external attackers don't usually know from the start.
Web Application Penetration
Web Application Penetration Testing is a process in which we use penetration testing and security skills to find different vulnerabilities in web applications.It plays an important role in every modern organization.But, if your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data.The web application penetration testing key outcome is to identify security weakness across the entire web application and its components.